if key exists in /root/.ssh/authorized_keys, disable_root setting has no effect

Bug #434076 reported by Scott Moser
This bug affects 1 person
Affects: cloud-init (Ubuntu)
Status: Fix Released

Bug Description

Binary package hint: ec2-init

As I mentioned in bug 407950, if a key registered to an ec2 instance (ec2-run-instances --key <my_key>) already exists in /root/.ssh/authorized_keys, then ec2-init's code to disable_root login will have no effect.

The code will simply append to the file. In my testing, the first key that matches is used by sshd, and thus the appended (disabled or enabled) root keys will not change anything.
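
An added example, not part of the original report or of cloud-init: a Python check that flags authorized_keys lines that are shadowed by an earlier line carrying the same key, modeling the first-match behaviour the report describes. The function names, the placeholder key blobs and the options string in the sample are assumptions constructed for illustration.

```python
import re

# Key-type tokens used to tell where an optional options field ends (not exhaustive).
KEY_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}
# A field is a run of non-space characters; double-quoted parts may contain spaces.
FIELD = re.compile(r'(?:[^\s"]|"(?:\\.|[^"\\])*")+')

def parse_entries(text):
    """Return [(line_no, options, key_type, blob)] for every key line."""
    entries = []
    for no, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        f = FIELD.findall(line)
        if len(f) >= 2 and f[0] in KEY_TYPES:
            entries.append((no, "", f[0], f[1]))
        elif len(f) >= 3 and f[1] in KEY_TYPES:
            entries.append((no, f[0], f[1], f[2]))
    return entries

def shadowed_entries(text):
    """Return [(winner_line, winner_opts, shadowed_line, shadowed_opts)].

    Models first-match-wins: a later line carrying the same key never takes effect.
    """
    first, out = {}, []
    for no, opts, ktype, blob in parse_entries(text):
        winner = first.setdefault((ktype, blob), (no, opts))
        if winner[0] != no:
            out.append((winner[0], winner[1], no, opts))
    return out

# Constructed sample: the key blob is a placeholder, the options string is illustrative.
SAMPLE = """\
# added by hand before rebundling
ssh-rsa AAAAB3PLACEHOLDERKEY my_key
no-port-forwarding,command="echo 'Please login as ubuntu';sleep 10" ssh-rsa AAAAB3PLACEHOLDERKEY my_key
ssh-rsa AAAAB3OTHERPLACEHOLDER other_key
"""

if __name__ == "__main__":
    for w_no, w_opts, s_no, s_opts in shadowed_entries(SAMPLE):
        print(f"line {s_no} [{s_opts or 'no options'}] is shadowed by "
              f"line {w_no} [{w_opts or 'no options'}]")
```

On the sample, the appended restricted entry on line 3 is reported as shadowed by the unrestricted entry on line 2, which is the situation the report describes.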

Scott Moser (smoser)
affects: ec2-init (Ubuntu) → cloud-init (Ubuntu)
Changed in cloud-init (Ubuntu):
status: New → Triaged
Scott Moser (smoser) wrote :

I'm marking this "Won't Fix".
A solution to this problem would be to insert the key at the beginning of .ssh/authorized_keys. However, that would break the following use case:
 * launch instance
 * edit /root/.ssh/authorized_keys to allow direct root login
 * rebundle

Because that seems like a reasonable case, and this change will only end up hurting people who have explicitly touched /root/.ssh/authorized_keys, I think it best to leave it as it is.

Changed in cloud-init (Ubuntu):
status: Triaged → Won't Fix
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package cloud-init - 0.6.1-0ubuntu16

cloud-init (0.6.1-0ubuntu16) oneiric; urgency=low

  * catch up with trunk at revision 439
  * warn on failure to set hostname (LP: #832175)
  * properly wait for all static interfaces to be up before
    cloud-init runs (depends on fix in LP:# 838968).
  * in DataSources NoCloud and OVF, do not set hostname to the
    static value 'ubuntuhost' if local-hostname is not in metadata
    (LP: #838280)
  * improve the way ssh_authorized_keys is updated, so that the
    values given will be used. (LP: #434076, LP: #833499)
  * cloud-init-notnet.conf: minor changes to config
 -- Scott Moser <email address hidden> Thu, 01 Sep 2011 21:14:09 -0400

Changed in cloud-init (Ubuntu):
status: Won't Fix → Fix Released