ec2-fetch-credentials lists "ubuntu" user in root authorized_keys even if ec2-config.cfg specifies another
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ec2-init (Ubuntu) |
Fix Released
|
Low
|
Scott Moser |
Bug Description
Binary package hint: ec2-init
When building a new EC2 AMI using either vmbuilder or a pre-built Canonical image, there are a couple options which can be tweaked in the /etc/ec2-
When the "user" is set to another username, say "bilbo", then ec2-fetch-
However, when you ssh to root@ the new EC2 instance, you always get the message:
Please login as the ubuntu user rather than root user.
This message should be customized in ec2-fetch-
Please login as the bilbo user rather than root user.
While you're on this line of code, it might be nice to make the use of "the" consistent and perhaps even add quotes to reduce confusion about odd usernames. Proposal:
Please login as the user "bilbo" rather than the user "root".
ProblemType: Bug
Architecture: i386
Date: Wed Jan 13 09:33:17 2010
DistroRelease: Ubuntu 9.10
Ec2AMI: ami-1515f67c
Ec2AMIManifest: ubuntu-
Ec2Availability
Ec2InstanceType: m1.small
Ec2Kernel: aki-5f15f636
Ec2Ramdisk: ari-0915f660
Package: ec2-init 0.4.999-0ubuntu7
PackageArchitec
ProcEnviron:
LANG=en_US.UTF-8
SHELL=/bin/bash
ProcVersionSign
SourcePackage: ec2-init
Tags: ec2-images
Uname: Linux 2.6.31-302-ec2 i686
> When the "user" is set to another username, say "bilbo", then ec2-fetch-
> credentials correctly installs the authorized_keys in the bilbo home
> .ssh directory on first boot.
>
> However, when you ssh to root@ the new EC2 instance, you always get the
> message:
>
> Please login as the ubuntu user rather than root user.
Hmm... That could be fixed, but I wonder if in general this is a bad idea.
The message informs an attacker of a valid user on the system.