[juju 3.1 - manual provider] strict confinement breaks SSH certificate authentication
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Canonical Juju | Triaged | Low | Unassigned | |
Bug Description
Hello,
When using manual provider on juju 3.1, manual provider is unable to authenticate using my SSH keys.
ap-http-proxy: snap-https-proxy: snap-store-
14:32:45 INFO juju.environs.
14:32:45 DEBUG juju.utils.ssh ssh.go:305 using OpenSSH ssh client
14:32:45 DEBUG juju.utils.ssh ssh.go:305 using OpenSSH ssh client
14:32:45 ERROR juju.provider.
ERROR subprocess encountered error code 255 (ubuntu@
14:32:45 DEBUG cmd supercommand.go:548 error stack:
subprocess encountered error code 255 (ubuntu@
github.
github.
If I reinstall juju 3.1 using devmode and re-run the same command I am able to bootstrap successfully.
[Steps to reproduce]
1. Install juju 3.1/stable confined
2. Attempt to bootstrap a manual controller
Observe the above error
[Workaround]
Install with devmode (not recommended)
Thanks,
Peter
Confirmed.
Juju snap is trying to access the socket of ssh-agent, which may not be covered by "ssh-keys" plug in snapcraft.
> Aug 08 11:45:29 t14 kernel: audit: type=1400 audit(1691462729.314:741): apparmor="DENIED" operation="connect" class="file" profile="snap.juju.juju" name="/run/user/1000/keyring/ssh" pid=159125 comm="ssh" requested_mask="wr" denied_mask="wr" fsuid=1000 ouid=1000
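
One way to triage denials like the one quoted above, as an added example that is not part of the original bug report or of Juju's code: it parses AppArmor audit lines, keeps those denied under a snap profile, and flags targets that look like ssh-agent sockets. The socket path patterns and the second and third sample lines are assumptions made for illustration.

```python
import re

# Constructed sample: line 1 is the denial quoted in the comment above; lines
# 2 and 3 are made up to exercise the filters.
SAMPLE = """\
Aug 08 11:45:29 t14 kernel: audit: type=1400 audit(1691462729.314:741): apparmor="DENIED" operation="connect" class="file" profile="snap.juju.juju" name="/run/user/1000/keyring/ssh" pid=159125 comm="ssh" requested_mask="wr" denied_mask="wr" fsuid=1000 ouid=1000
Aug 08 11:45:30 t14 kernel: audit: type=1400 audit(1691462730.001:742): apparmor="ALLOWED" operation="open" class="file" profile="snap.example.app" name="/etc/hosts" pid=200 comm="cat" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Aug 08 11:45:31 t14 sshd[300]: Accepted publickey for ubuntu from 192.0.2.10 port 50000 ssh2
"""

# key=value pairs; values are either double-quoted or bare tokens.
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Assumption: common ssh-agent socket locations (GNOME Keyring, gpg-agent's
# ssh socket, OpenSSH ssh-agent). Extend for other agents.
AGENT_SOCKET = re.compile(
    r"^(?:/run/user/\d+/(?:keyring/ssh|gnupg/S\.gpg-agent\.ssh)"
    r"|/tmp/ssh-[^/]+/agent\.\d+)$"
)

def parse_apparmor(line):
    """Return the key=value fields of an AppArmor audit line, or None."""
    start = line.find("apparmor=")
    if start < 0:
        return None
    return {k: quoted or bare for k, quoted, bare in KV.findall(line[start:])}

def snap_denials(text):
    """Return DENIED events whose AppArmor profile belongs to a snap."""
    events = []
    for line in text.splitlines():
        f = parse_apparmor(line)
        if f and f.get("apparmor") == "DENIED" and f.get("profile", "").startswith("snap."):
            # Profile names have the form snap.<snap>.<app>.
            snap, _, app = f["profile"][len("snap."):].partition(".")
            f.update(snap=snap, app=app,
                     agent_socket=bool(AGENT_SOCKET.match(f.get("name", ""))))
            events.append(f)
    return events

def report(text):
    """One human-readable line per snap denial."""
    return [
        f"{e['snap']}.{e['app']}: {e.get('comm')} denied {e.get('operation')} "
        f"({e.get('denied_mask')}) on {e.get('name')}"
        + (" [ssh-agent socket]" if e["agent_socket"] else "")
        for e in snap_denials(text)
    ]

if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

On a live system the same functions can be fed the kernel log (for example the output of `journalctl -k`) instead of `SAMPLE`.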