SSH host keys in /etc/ssh/ are copied onto the new customized ISO.
Bug #1824715 reported by
Cubic PPA
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Cubic |
Fix Released
|
Medium
|
Cubic PPA | ||
Bug Description
ISSUE REPORTED BY USER:
I used "cubic" to remaster Ubuntu-MATE 18.04 LTS and I noticed that the
"/etc/ssh/
remastered iso are the keys generated in the "chroot" of the host system
that I ran cubic on, not unique new keys generated by "dpkg" on the
system being installed. I guess this is not strictly a "cubic" issue,
but it is a potential security issue.
| Changed in cubic: | |
| assignee: | nobody → Cubic PPA (cubic-wizard) |
| status: | New → In Progress |
| importance: | Undecided → Medium |
Revision history for this message
| Cubic PPA (cubic-wizard) wrote | #1 |
Revision history for this message
| Cubic PPA (cubic-wizard) wrote | #2 |
| Changed in cubic: | |
| status: | In Progress → Fix Released |
To post a comment you must log in.
To address this issue, Cubic will NOT copy the SSH key files in `/etc/ssh` to the final ISO during the repackage process.
Note that these files will not be deleted and will continue to be visible in the file structure of the chroot environment for existing projects.
Nevertheless, the user does not have to manually delete these files, since they will simply not be copied to the final ISO.