2020-01-17 15:04:04 |
Balint Reczey |
bug |
|
|
added bug |
2020-01-17 23:28:54 |
Launchpad Janitor |
ec2-instance-connect (Ubuntu): status |
New |
Fix Released |
|
2020-01-18 13:41:55 |
Francis Ginther |
tags |
|
id-5e1e340b6338410899d33213 |
|
2020-01-20 11:39:02 |
Balint Reczey |
description |
TODO |
[Impact]
New upstream release of the package providing SSH access to instances; available to any AWS users. The most notable new feature is supporting Instance Metadata Service Version 2, but since the release included major rewrite which honored on Security Team's input the package is backported in full.
[Test Cases]
This is manually tested by Amazon:
0) Deploy an Amazon AWS instance with Instance Connect feature enabled
1) Install the ec2-instance-connect package
2) Verify that the sshd process has been restarted with the changed command-line, now including "AuthorizedKeysCommand*" options.
3) Attempt to connect to the instance using a SSH key that is known by the Instance Connect service.
4) Purge the ec2-instance-connect package
5) Configure the instance to use IMDSv2
6) Install the ec2-instance connect again and verify that is working again (steps 2 and 3)
[Regression Potential]
Limited to SSH access on instances where the package gets installed. This is a brand new package for a new service provided to AWS customers. In the case of an issue, things to watch out for would be for some keys to not be usable to connect to the instance when they are expected to be, as the list of authorized keys is collated by the service to include both the usual authorized_keys contents, as well as keys provided by the Instance Connect service. |
|
2020-01-21 13:58:42 |
Balint Reczey |
description |
[Impact]
New upstream release of the package providing SSH access to instances; available to any AWS users. The most notable new feature is supporting Instance Metadata Service Version 2, but since the release included major rewrite which honored on Security Team's input the package is backported in full.
[Test Cases]
This is manually tested by Amazon:
0) Deploy an Amazon AWS instance with Instance Connect feature enabled
1) Install the ec2-instance-connect package
2) Verify that the sshd process has been restarted with the changed command-line, now including "AuthorizedKeysCommand*" options.
3) Attempt to connect to the instance using a SSH key that is known by the Instance Connect service.
4) Purge the ec2-instance-connect package
5) Configure the instance to use IMDSv2
6) Install the ec2-instance connect again and verify that is working again (steps 2 and 3)
[Regression Potential]
Limited to SSH access on instances where the package gets installed. This is a brand new package for a new service provided to AWS customers. In the case of an issue, things to watch out for would be for some keys to not be usable to connect to the instance when they are expected to be, as the list of authorized keys is collated by the service to include both the usual authorized_keys contents, as well as keys provided by the Instance Connect service. |
[Impact]
New upstream release of the package providing SSH access to instances; available to any AWS users. The most notable new feature is supporting Instance Metadata Service Version 2, but since the release included major rewrite which honored on Security Team's input the package is backported in full.
[Test Cases]
This is manually tested by Amazon:
0) Deploy an Amazon AWS instance with Instance Connect feature enabled
1) Install the ec2-instance-connect package
2) Verify that the sshd process has been restarted with the changed command-line, now including "AuthorizedKeysCommand*" options.
3) Attempt to connect to the instance using a SSH key that is known by the Instance Connect service.
4) Purge the ec2-instance-connect package
5) Configure the instance to use IMDSv2
6) Install the ec2-instance connect again and verify that is working again (steps 2 and 3)
[Regression Potential]
Limited to SSH access on instances where the package gets installed. This is a brand new package for a new service provided to AWS customers. In the case of an issue, things to watch out for would be for some keys to not be usable to connect to the instance when they are expected to be, as the list of authorized keys is collated by the service to include both the usual authorized_keys contents, as well as keys provided by the Instance Connect service.
[Other Info]
The source difference for the SRUs contain a lot of extra files because the source now contains almost the full upstream tarball, but the difference between the binary packages is still minimal and it maybe easier to reviewing that difference. |
|
2020-01-21 14:01:19 |
Balint Reczey |
description |
[Impact]
New upstream release of the package providing SSH access to instances; available to any AWS users. The most notable new feature is supporting Instance Metadata Service Version 2, but since the release included major rewrite which honored on Security Team's input the package is backported in full.
[Test Cases]
This is manually tested by Amazon:
0) Deploy an Amazon AWS instance with Instance Connect feature enabled
1) Install the ec2-instance-connect package
2) Verify that the sshd process has been restarted with the changed command-line, now including "AuthorizedKeysCommand*" options.
3) Attempt to connect to the instance using a SSH key that is known by the Instance Connect service.
4) Purge the ec2-instance-connect package
5) Configure the instance to use IMDSv2
6) Install the ec2-instance connect again and verify that is working again (steps 2 and 3)
[Regression Potential]
Limited to SSH access on instances where the package gets installed. This is a brand new package for a new service provided to AWS customers. In the case of an issue, things to watch out for would be for some keys to not be usable to connect to the instance when they are expected to be, as the list of authorized keys is collated by the service to include both the usual authorized_keys contents, as well as keys provided by the Instance Connect service.
[Other Info]
The source difference for the SRUs contain a lot of extra files because the source now contains almost the full upstream tarball, but the difference between the binary packages is still minimal and it maybe easier to reviewing that difference. |
[Impact]
New upstream release of the package providing SSH access to instances; available to any AWS users. The most notable new feature is supporting Instance Metadata Service Version 2, but since the release included major rewrite which honored on Security Team's input the package is backported in full.
[Test Cases]
This is manually tested by Amazon:
0) Deploy an Amazon AWS instance with Instance Connect feature enabled
1) Install the ec2-instance-connect package
2) Verify that the sshd process has been restarted with the changed command-line, now including "AuthorizedKeysCommand*" options.
3) Attempt to connect to the instance using a SSH key that is known by the Instance Connect service.
4) Purge the ec2-instance-connect package
5) Configure the instance to use IMDSv2
6) Install the ec2-instance connect again and verify that is working again (steps 2 and 3)
[Regression Potential]
Limited to SSH access on instances where the package gets installed. This is a brand new package for a new service provided to AWS customers. In the case of an issue, things to watch out for would be for some keys to not be usable to connect to the instance when they are expected to be, as the list of authorized keys is collated by the service to include both the usual authorized_keys contents, as well as keys provided by the Instance Connect service.
[Other Info]
The source difference for the SRUs contain a lot of extra files because the source now contains almost the full upstream tarball, but the difference between the binary packages is still minimal and it maybe easier to reviewing that difference.
Disco SRU is skipped because it goes EOL before the aging of the package would finish. |
|
2020-01-21 14:40:49 |
Balint Reczey |
description |
[Impact]
New upstream release of the package providing SSH access to instances; available to any AWS users. The most notable new feature is supporting Instance Metadata Service Version 2, but since the release included major rewrite which honored on Security Team's input the package is backported in full.
[Test Cases]
This is manually tested by Amazon:
0) Deploy an Amazon AWS instance with Instance Connect feature enabled
1) Install the ec2-instance-connect package
2) Verify that the sshd process has been restarted with the changed command-line, now including "AuthorizedKeysCommand*" options.
3) Attempt to connect to the instance using a SSH key that is known by the Instance Connect service.
4) Purge the ec2-instance-connect package
5) Configure the instance to use IMDSv2
6) Install the ec2-instance connect again and verify that is working again (steps 2 and 3)
[Regression Potential]
Limited to SSH access on instances where the package gets installed. This is a brand new package for a new service provided to AWS customers. In the case of an issue, things to watch out for would be for some keys to not be usable to connect to the instance when they are expected to be, as the list of authorized keys is collated by the service to include both the usual authorized_keys contents, as well as keys provided by the Instance Connect service.
[Other Info]
The source difference for the SRUs contain a lot of extra files because the source now contains almost the full upstream tarball, but the difference between the binary packages is still minimal and it maybe easier to reviewing that difference.
Disco SRU is skipped because it goes EOL before the aging of the package would finish. |
[Impact]
New upstream release of the package providing SSH access to instances; available to any AWS users. The most notable new feature is supporting Instance Metadata Service Version 2, but since the release included major rewrite which honored on Security Team's input the package is backported in full.
[Test Cases]
This is manually tested by Amazon:
0) Deploy an Amazon AWS instance with Instance Connect feature enabled
1) Install the ec2-instance-connect package
2) Verify that the sshd process has been restarted with the changed command-line, now including "AuthorizedKeysCommand*" options.
3) Attempt to connect to the instance using a SSH key that is known by the Instance Connect service.
4) Purge the ec2-instance-connect package
5) Configure the instance to use IMDSv2
6) Install the ec2-instance connect again and verify that is working again (steps 2 and 3)
[Regression Potential]
Limited to SSH access on instances where the package gets installed. This package will be installed by default for a new service called "Instance Connect" provided to AWS customers. In the case of an issue, things to watch out for would be for some keys to not be usable to connect to the instance when they are expected to be, as the list of authorized keys is collated by the service to include both the usual authorized_keys contents, as well as keys provided by the Instance Connect service.
[Other Info]
The source difference for the SRUs contain a lot of extra files because the source now contains almost the full upstream tarball, but the difference between the binary packages is still minimal and it maybe easier to reviewing that difference.
Disco SRU is skipped because it goes EOL before the aging of the package would finish. |
|
2020-01-21 14:41:53 |
Balint Reczey |
nominated for series |
|
Ubuntu Disco |
|
2020-01-21 14:41:53 |
Balint Reczey |
bug task added |
|
ec2-instance-connect (Ubuntu Disco) |
|
2020-01-21 14:41:53 |
Balint Reczey |
nominated for series |
|
Ubuntu Xenial |
|
2020-01-21 14:41:53 |
Balint Reczey |
bug task added |
|
ec2-instance-connect (Ubuntu Xenial) |
|
2020-01-21 14:41:53 |
Balint Reczey |
nominated for series |
|
Ubuntu Eoan |
|
2020-01-21 14:41:53 |
Balint Reczey |
bug task added |
|
ec2-instance-connect (Ubuntu Eoan) |
|
2020-01-21 14:41:53 |
Balint Reczey |
nominated for series |
|
Ubuntu Bionic |
|
2020-01-21 14:41:53 |
Balint Reczey |
bug task added |
|
ec2-instance-connect (Ubuntu Bionic) |
|
2020-01-21 14:42:03 |
Balint Reczey |
ec2-instance-connect (Ubuntu Disco): status |
New |
Won't Fix |
|
2020-01-21 14:46:25 |
Balint Reczey |
description |
[Impact]
New upstream release of the package providing SSH access to instances; available to any AWS users. The most notable new feature is supporting Instance Metadata Service Version 2, but since the release included major rewrite which honored on Security Team's input the package is backported in full.
[Test Cases]
This is manually tested by Amazon:
0) Deploy an Amazon AWS instance with Instance Connect feature enabled
1) Install the ec2-instance-connect package
2) Verify that the sshd process has been restarted with the changed command-line, now including "AuthorizedKeysCommand*" options.
3) Attempt to connect to the instance using a SSH key that is known by the Instance Connect service.
4) Purge the ec2-instance-connect package
5) Configure the instance to use IMDSv2
6) Install the ec2-instance connect again and verify that is working again (steps 2 and 3)
[Regression Potential]
Limited to SSH access on instances where the package gets installed. This package will be installed by default for a new service called "Instance Connect" provided to AWS customers. In the case of an issue, things to watch out for would be for some keys to not be usable to connect to the instance when they are expected to be, as the list of authorized keys is collated by the service to include both the usual authorized_keys contents, as well as keys provided by the Instance Connect service.
[Other Info]
The source difference for the SRUs contain a lot of extra files because the source now contains almost the full upstream tarball, but the difference between the binary packages is still minimal and it maybe easier to reviewing that difference.
Disco SRU is skipped because it goes EOL before the aging of the package would finish. |
[Impact]
New upstream release of the package providing SSH access to instances; available to any AWS users. The most notable new feature is supporting Instance Metadata Service Version 2, but since the release included major rewrite which honored on Security Team's input the package is backported in full.
[Test Cases]
This is manually tested by Amazon:
0) Deploy an Amazon AWS instance with Instance Connect feature enabled
1) Install the previous version of the ec2-instance-connect package
2) Verify that the sshd process has been restarted with the changed command-line, now including "AuthorizedKeysCommand*" options.
3) Attempt to connect to the instance using a SSH key that is known by the Instance Connect service.
4) Upgrade to the new version of the package
5) Attempt to connect to the instance using a SSH key that is known by the Instance Connect service.
6) Purge the ec2-instance-connect package
7) Configure the instance to use IMDSv2
8) Install the new ec2-instance-connect again and verify that is working again (steps 2 and 3)
[Regression Potential]
Limited to SSH access on instances where the package gets installed. This package will be installed by default for a new service called "Instance Connect" provided to AWS customers. In the case of an issue, things to watch out for would be for some keys to not be usable to connect to the instance when they are expected to be, as the list of authorized keys is collated by the service to include both the usual authorized_keys contents, as well as keys provided by the Instance Connect service.
The package upgrade is covered in the test case.
[Other Info]
The source difference for the SRUs contain a lot of extra files because the source now contains almost the full upstream tarball, but the difference between the binary packages is still minimal and it maybe easier to reviewing that difference.
Disco SRU is skipped because it goes EOL before the aging of the package would finish. |
|
2020-01-21 14:53:31 |
Chris Halse Rogers |
ec2-instance-connect (Ubuntu Eoan): status |
New |
Fix Committed |
|
2020-01-21 14:53:32 |
Chris Halse Rogers |
bug |
|
|
added subscriber Ubuntu Stable Release Updates Team |
2020-01-21 14:53:36 |
Chris Halse Rogers |
bug |
|
|
added subscriber SRU Verification |
2020-01-21 14:53:40 |
Chris Halse Rogers |
tags |
id-5e1e340b6338410899d33213 |
id-5e1e340b6338410899d33213 verification-needed verification-needed-eoan |
|
2020-01-21 15:00:56 |
Chris Halse Rogers |
ec2-instance-connect (Ubuntu Bionic): status |
New |
Fix Committed |
|
2020-01-21 15:01:03 |
Chris Halse Rogers |
tags |
id-5e1e340b6338410899d33213 verification-needed verification-needed-eoan |
id-5e1e340b6338410899d33213 verification-needed verification-needed-bionic verification-needed-eoan |
|
2020-01-21 15:18:03 |
Chris Halse Rogers |
ec2-instance-connect (Ubuntu Xenial): status |
New |
Fix Committed |
|
2020-01-21 15:18:10 |
Chris Halse Rogers |
tags |
id-5e1e340b6338410899d33213 verification-needed verification-needed-bionic verification-needed-eoan |
id-5e1e340b6338410899d33213 verification-needed verification-needed-bionic verification-needed-eoan verification-needed-xenial |
|
2020-02-07 23:01:01 |
Steve Langasek |
ec2-instance-connect (Ubuntu Eoan): status |
Fix Committed |
Incomplete |
|
2020-02-11 09:21:10 |
Balint Reczey |
ec2-instance-connect (Ubuntu Eoan): status |
Incomplete |
In Progress |
|
2020-02-13 11:20:42 |
Balint Reczey |
ec2-instance-connect (Ubuntu Bionic): status |
Fix Committed |
In Progress |
|
2020-02-13 11:20:45 |
Balint Reczey |
ec2-instance-connect (Ubuntu Xenial): status |
Fix Committed |
In Progress |
|
2020-02-16 21:21:54 |
Mathew Hodson |
tags |
id-5e1e340b6338410899d33213 verification-needed verification-needed-bionic verification-needed-eoan verification-needed-xenial |
id-5e1e340b6338410899d33213 upgrade-software-version verification-needed verification-needed-bionic verification-needed-eoan verification-needed-xenial |
|
2020-02-17 10:46:41 |
Łukasz Zemczak |
ec2-instance-connect (Ubuntu Eoan): status |
In Progress |
Fix Committed |
|
2020-02-17 11:10:00 |
Łukasz Zemczak |
ec2-instance-connect (Ubuntu Bionic): status |
In Progress |
Fix Committed |
|
2020-02-17 11:18:03 |
Łukasz Zemczak |
ec2-instance-connect (Ubuntu Xenial): status |
In Progress |
Fix Committed |
|
2020-02-24 16:50:40 |
Balint Reczey |
tags |
id-5e1e340b6338410899d33213 upgrade-software-version verification-needed verification-needed-bionic verification-needed-eoan verification-needed-xenial |
id-5e1e340b6338410899d33213 upgrade-software-version verification-done-eoan verification-needed verification-needed-bionic verification-needed-xenial |
|
2020-02-24 17:02:32 |
Balint Reczey |
tags |
id-5e1e340b6338410899d33213 upgrade-software-version verification-done-eoan verification-needed verification-needed-bionic verification-needed-xenial |
id-5e1e340b6338410899d33213 upgrade-software-version verification-done verification-done-bionic verification-done-eoan verification-done-xenial |
|
2020-02-27 18:24:23 |
Łukasz Zemczak |
removed subscriber Ubuntu Stable Release Updates Team |
|
|
|
2020-02-27 18:24:22 |
Launchpad Janitor |
ec2-instance-connect (Ubuntu Eoan): status |
Fix Committed |
Fix Released |
|
2020-02-27 18:24:46 |
Launchpad Janitor |
ec2-instance-connect (Ubuntu Bionic): status |
Fix Committed |
Fix Released |
|
2020-02-27 18:24:54 |
Launchpad Janitor |
ec2-instance-connect (Ubuntu Xenial): status |
Fix Committed |
Fix Released |
|