cloud-init regenerating ssh-keys
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| cloud-init | Fix Released | Medium | Markus Schade | |
| cloud-init (Ubuntu) | Fix Released | Undecided | Markus Schade | |
Bug Description
Hi,
I made some experiments with virtual machines with Ubuntu-20.04 at a German cloud provider (Hetzner), who uses cloud-init to initialize machines with a basic setup such as IP and SSH access.
During my installation tests I had to reboot the virtual machines several times after installing or removing packages.
Occasionally (not always) I noticed that the SSH host keys had changed; ssh complained. After accepting the new host keys (insecure!) I found that all key files in /etc/ssh had fresh mod times, i.e. were freshly regenerated.
This reminds me of a bug I had reported about cloud-init some time ago, where I could not change the host name permanently, because cloud-init reset it to its initial configuration at every boot time (highly dangerous, because it seemed to reset passwords to their original state as well).
Although cloud-init is intended to do an initial configuration for the first boot only, it seems to remain on the system and – even worse: occasionally – change configurations.
I've never understood what's the purpose of cloud-init remaining active once after the machine is up and running.
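Instead of accepting a changed host key blindly, the regeneration described above can be detected by recording the host key fingerprints once and comparing them after each reboot. The following is an added example, not code from cloud-init, Hetzner or the reporter; the baseline file location is an assumption of this example, and the fingerprint format is the one `ssh-keygen -lf` prints.

```python
import base64
import hashlib
from pathlib import Path

# Assumed paths: the baseline location is this example's own choice.
HOST_KEY_DIR = Path("/etc/ssh")
BASELINE_FILE = Path("/var/lib/hostkey-baseline.txt")


def openssh_fingerprint(pubkey_line: str) -> str:
    """Fingerprint in the form `ssh-keygen -lf` prints: SHA256:<unpadded base64>."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("not an OpenSSH public key line")
    blob = base64.b64decode(fields[1])  # the wire-format key blob
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def fingerprints(pubkeys: dict) -> dict:
    """Map each host key file name to its fingerprint."""
    return {name: openssh_fingerprint(line) for name, line in pubkeys.items()}


def compare(baseline: dict, current: dict) -> list:
    """List (file name, status) for every key that was regenerated, added or removed."""
    findings = []
    for name in sorted(set(baseline) | set(current)):
        if name not in current:
            findings.append((name, "removed"))
        elif name not in baseline:
            findings.append((name, "added"))
        elif baseline[name] != current[name]:
            findings.append((name, "changed"))
    return findings


def read_host_keys(directory: Path = HOST_KEY_DIR) -> dict:
    """Read the ssh_host_*_key.pub files only; private keys are never touched."""
    return {p.name: p.read_text() for p in sorted(directory.glob("ssh_host_*_key.pub"))}


def save_baseline(fps: dict, path: Path = BASELINE_FILE) -> None:
    path.write_text("".join(f"{name} {fp}\n" for name, fp in fps.items()))


def load_baseline(path: Path = BASELINE_FILE) -> dict:
    return dict(line.split(maxsplit=1) for line in path.read_text().splitlines() if line.strip())


if __name__ == "__main__":
    current = fingerprints(read_host_keys())
    if not BASELINE_FILE.exists():
        save_baseline(current)
        print("baseline recorded:", *current.values())
    else:
        for name, status in compare(load_baseline(), current):
            print(f"HOST KEY {status.upper()}: {name} -> {current.get(name, '(gone)')}")
```

Run it once after provisioning to record the baseline, then after every reboot; a "changed" finding means the fingerprint your SSH client warns about was produced on the machine itself, not by something in between.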
Changed in cloud-init (Ubuntu):
- status: Incomplete → New

Changed in cloud-init (Ubuntu):
- status: Incomplete → New

Changed in cloud-init (Ubuntu):
- status: New → Incomplete

Changed in cloud-init (Ubuntu):
- status: Expired → New

Changed in cloud-init (Ubuntu):
- status: Confirmed → In Progress
- assignee: nobody → Markus Schade (lp-markusschade)

Changed in cloud-init:
- status: New → Fix Committed
- importance: Undecided → Medium
- assignee: nobody → Markus Schade (lp-markusschade)
BTW,
The docs at https://cloudinit.readthedocs.io completely fail to tell what cloud-init actually is or is supposed to do.
They do not explain that or why cloud-init survives the first boot and remains active for future boots, and what this is good for.
There is no warning, no hint, no information that cloud-init keeps continuously twiddling with the system.