ssh_util.setup_user_keys restricts permission on ssh public keys dir, preventing login

Bug #1340901 reported by Patrick Lucas
This bug affects 3 people
Affects: cloud-init (Ubuntu)
Status: Won't Fix
Importance: Medium
Assigned to: Unassigned

Bug Description

Bug present in: Ubuntu 14.04 LTS, cloud-init 0.7.5-0ubuntu1

In ssh_util.py, setup_user_keys, which is called by config.cc_ssh.apply_credentials, changes the permissions of the directory into which the new user's public ssh key is written.

This directory is found by parsing /etc/ssh/sshd_config for the value of AuthorizedKeysFile and calling dirname.

In our case, the value of AuthorizedKeysFile is /etc/authorized_keys.d/%u.pub. This means that cloud-init chmods /etc/authorized_keys.d to 0700, preventing any user from logging in.

My proposed solution is for setup_user_keys to only chmod and chown the directory and pubkey file if the file is contained within the user's home directory.
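
The containment check proposed above, as an added sketch that is not part of the bug report and is not cloud-init's code. The function names, the user `alice` and the home directory are hypothetical, and leaving the home directory itself unmodified is a choice made for this example.

```python
import os

def expand_keys_path(template, user, home):
    """Expand sshd AuthorizedKeysFile tokens (%u, %h, %%) for one user."""
    out, i = [], 0
    while i < len(template):
        ch = template[i]
        if ch == "%" and i + 1 < len(template):
            nxt = template[i + 1]
            out.append({"u": user, "h": home, "%": "%"}.get(nxt, "%" + nxt))
            i += 2
        else:
            out.append(ch)
            i += 1
    path = "".join(out)
    # sshd treats a relative AuthorizedKeysFile as relative to the home dir.
    if not os.path.isabs(path):
        path = os.path.join(home, path)
    return os.path.normpath(path)

def is_within_home(path, home):
    """True only if path is strictly below home (component-wise, not a string prefix).

    Lexical check only; production code should also resolve symlinks.
    """
    home = os.path.normpath(home)
    path = os.path.normpath(path)
    return path != home and os.path.commonpath([path, home]) == home

def plan_permission_changes(template, user, home):
    """Return [(path, mode)] that may be tightened; empty when the key file
    lives outside the user's home (e.g. a shared /etc/authorized_keys.d)."""
    keyfile = expand_keys_path(template, user, home)
    if not is_within_home(keyfile, home):
        return []  # shared location: leave ownership and mode alone
    plan = [(keyfile, 0o600)]
    keydir = os.path.dirname(keyfile)
    if is_within_home(keydir, home):  # never chmod the home dir itself
        plan.insert(0, (keydir, 0o700))
    return plan

if __name__ == "__main__":
    # Constructed inputs: the value from this report, then the sshd default.
    for tmpl in ("/etc/authorized_keys.d/%u.pub", ".ssh/authorized_keys"):
        plan = plan_permission_changes(tmpl, "alice", "/home/alice")
        print(tmpl, "->", [(p, oct(m)) for p, m in plan])
```

With the value from this report the plan is empty, so the shared directory keeps its existing mode; with a path under the home directory only the per-user `.ssh` directory and key file are restricted.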

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in cloud-init (Ubuntu):
status: New → Confirmed
Scott Moser (smoser)
Changed in cloud-init (Ubuntu):
importance: Undecided → Medium
James Falcon (falcojr) wrote :

Ubuntu 14.04 is EOL

Changed in cloud-init (Ubuntu):
status: Confirmed → Won't Fix