ssh_authkey_fingerprints must use sha256 not md5

Bug #1860789 reported by Dimitri John Ledkov
Affects Status Importance Assigned to Milestone
cloud-init
Fix Released
Undecided
Unassigned
cloud-init (Ubuntu)
Fix Released
Undecided
Ryan Harper

Bug Description

ssh_authkey_fingerprints must use sha256sum not md5

on focal and up.

or maybe you should show both, because old ssh clients might only show md5 checksums, and like ssh clients on Windows, etc.

If you switch to show both, it then can be backported to all stable releases, as md5 is no longer secure for this purpose.

CVE References

Revision history for this message
Dimitri John Ledkov (xnox) wrote :

ssh-add manpage has

     -E fingerprint_hash
             Specifies the hash algorithm used when displaying key fingerprints. Valid options are: “md5” and “sha256”. The default is “sha256”.

summary: - ssh_authkey_fingerprints must use sha256sum not md5
+ ssh_authkey_fingerprints must use sha256 not md5
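As an added example (not cloud-init's own code and not part of this bug report), here are the two fingerprint forms the description talks about computed from an authorized_keys line: the OpenSSH SHA256 form that `ssh-keygen -lf -E sha256` prints, and the legacy MD5 form that older clients show, so both can be rendered side by side. The sample key is constructed from fixed bytes and is not a real key; `KEY_TYPES`, `parse_authorized_key`, `fingerprints_for_line` and the other names are this example's own, not cloud-init's.

```python
import base64
import hashlib
import struct

# Key types whose authorized_keys token precedes the base64 blob (example's own list).
KEY_TYPES = {
    "ssh-rsa", "ssh-dss", "ssh-ed25519",
    "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
}


def _ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire string: 4-byte big-endian length, then data."""
    return struct.pack(">I", len(data)) + data


def blob_key_type(blob: bytes):
    """Read the key type embedded at the start of a public-key blob, or None."""
    if len(blob) < 4:
        return None
    (n,) = struct.unpack(">I", blob[:4])
    if len(blob) < 4 + n:
        return None
    return blob[4:4 + n].decode("ascii", errors="replace")


def parse_authorized_key(line: str):
    """Return (key_type, blob, comment) for one authorized_keys line, or None.

    Blank lines and '#' comments give None. An options prefix such as
    'no-pty,command="/bin/true"' is tolerated as long as it contains no
    whitespace. The declared type must match the type inside the blob;
    a mismatch or undecodable base64 also gives None.
    """
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    tokens = line.split()
    for i, tok in enumerate(tokens):
        if tok in KEY_TYPES and i + 1 < len(tokens):
            try:
                blob = base64.b64decode(tokens[i + 1], validate=True)
            except ValueError:  # binascii.Error is a ValueError subclass
                return None
            if blob_key_type(blob) != tok:
                return None
            comment = " ".join(tokens[i + 2:])
            return tok, blob, comment
    return None


def fingerprint_sha256(blob: bytes) -> str:
    """OpenSSH SHA256 fingerprint: unpadded base64 of sha256(blob)."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def fingerprint_md5(blob: bytes) -> str:
    """Legacy OpenSSH MD5 fingerprint: colon-separated hex of md5(blob).

    Kept only so output can be matched against clients that still show
    MD5; it is not a collision-resistant identifier for the key."""
    return "MD5:" + ":".join(f"{b:02x}" for b in hashlib.md5(blob).digest())


def fingerprints_for_line(line: str):
    """Both fingerprint forms for one authorized_keys line, or None if unparsable."""
    parsed = parse_authorized_key(line)
    if parsed is None:
        return None
    key_type, blob, comment = parsed
    return {
        "type": key_type,
        "comment": comment,
        "sha256": fingerprint_sha256(blob),
        "md5": fingerprint_md5(blob),
    }


# Constructed sample: an ed25519-shaped blob whose 32 key bytes are 0x00..0x1f.
# This is NOT a real key; it only exercises the wire format.
_SAMPLE_BLOB = _ssh_string(b"ssh-ed25519") + _ssh_string(bytes(range(32)))
SAMPLE_LINE = "ssh-ed25519 " + base64.b64encode(_SAMPLE_BLOB).decode("ascii") + " user@example"


if __name__ == "__main__":
    fps = fingerprints_for_line(SAMPLE_LINE)
    # Print both forms, SHA256 first, as the description suggests.
    print(f"{fps['type']}  {fps['sha256']}  {fps['comment']}")
    print(f"{fps['type']}  {fps['md5']}  {fps['comment']}")
```

Both functions hash the decoded key blob, which is what OpenSSH hashes, so the SHA256 line matches `ssh-keygen -lf <file> -E sha256` for a real key. The parser refuses a line whose declared type disagrees with the type inside the blob, so a mislabeled entry is reported as unparsable rather than fingerprinted under the wrong name.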
Revision history for this message
Ryan Harper (raharper) wrote :
Revision history for this message
Dan Watkins (oddbloke) wrote :
Changed in cloud-init (Ubuntu):
status: New → Fix Committed
assignee: nobody → Ryan Harper (raharper)
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package cloud-init - 19.4-56-g06e324ff-0ubuntu1

---------------
cloud-init (19.4-56-g06e324ff-0ubuntu1) focal; urgency=medium

  * New upstream snapshot.
    - sysconfig: distro-specific config rendering for BOOTPROTO option (#162)
      [Robert Schweikert] (LP: #1800854)
    - cloudinit: replace "from six import X" imports (except in util.py) (#183)
    - run-container: use 'test -n' instead of 'test ! -z' (#202)
      [Paride Legovini]
    - net/cmdline: correctly handle static ip= config (#201)
      [Dimitri John Ledkov] (LP: #1861412)
    - Replace mock library with unittest.mock (#186)
    - HACKING.rst: update CLA link (#199)
    - Scaleway: Fix DatasourceScaleway to avoid backtrace (#128)
      [Louis Bouchard]
    - cloudinit/cmd/devel/net_convert.py: add missing space (#191)
    - tools/run-container: drop support for python2 (#192) [Paride Legovini]
    - Print ssh key fingerprints using sha256 hash (#188) (LP: #1860789)
    - Make the RPM build use Python 3 (#190) [Paride Legovini]
    - cc_set_password: increase random pwlength from 9 to 20 (#189)
      (LP: #1860795) (CVE-2020-8632)
    - .travis.yml: use correct Python version for xenial tests (#185)
    - cloudinit: remove ImportError handling for mock imports (#182)
    - Do not use fallocate in swap file creation on xfs. (#70)
      [Eduardo Otubo] (LP: #1781781)
    - .readthedocs.yaml: install cloud-init when building docs (#181)
      (LP: #1860450)
    - Introduce an RTD config file, and pin the Sphinx version to the RTD
      default (#180)
    - Drop most of the remaining use of six (#179)
    - Start removing dependency on six (#178)
    - Add Rootbox & HyperOne to list of cloud in README (#176) [Adam Dobrawy]
    - docs: add proposed SRU testing procedure (#167)
    - util: rename get_architecture to get_dpkg_architecture (#173)
    - Ensure util.get_architecture() runs only once (#172)

 -- Chad Smith <email address hidden> Wed, 05 Feb 2020 13:56:17 -0700

Changed in cloud-init (Ubuntu):
status: Fix Committed → Fix Released
Revision history for this message
Dan Watkins (oddbloke) wrote : Fixed in cloud-init version 20.1.

This bug is believed to be fixed in cloud-init in version 20.1. If this is still a problem for you, please make a comment and set the state back to New

Thank you.

Changed in cloud-init:
status: New → Fix Released
Revision history for this message
James Falcon (falcojr) wrote :