ec2-init: ec2-fetch-credentials "setup_root_user" code cleanup
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
EC2 init scripts |
Invalid
|
Undecided
|
Unassigned | ||
Ubuntu on EC2 |
Invalid
|
Medium
|
Unassigned | ||
ec2-init (Ubuntu) |
Fix Released
|
Medium
|
Unassigned |
Bug Description
This report applies to the code found in the dev testing ami-af3fdec6
The "setup_root_user" code in /usr/sbin/
If the file /etc/ec2-
DISABLE_
then the code sets up an informational rejection message if an ssh to root is attempted and succeeds using the ec2 keypair used to start the instance. This seems fine.
If the file contains
DISABLE_
then the code prints
"You choose to disable the root user, god help you."
and does nothing else.
- Why should DISABLE_ROOT="0" *disable* the root user as the message is claiming?
- What does it mean to disable the root user? or enable the root user? This condition is not doing anything.
- Neither option is *enabling* ssh to the root user. Is it supposed to?
- Why would disabling ssh to the root user be a bad thing? Isn't this the default approach used for security?
- Even if this were an appropriate place to express concern (and it's not obvious to me that it is), "god help you" still may be inappropriate language for a distro which tries to be inclusive.
- The next case has the line:
print "%s - I dont understand that opion."
I'm not a Python programmer, but I've always seen a matching % argument when there is a "%s". Is there something missing here?
- Are the format and options for /etc/ec2-
- The code contains a "checkServer" function which does not appear to be called.
Related branches
Changed in ubuntu-on-ec2: | |
status: | New → Confirmed |
importance: | Undecided → Medium |
Changed in ec2-init: | |
status: | New → Confirmed |
tags: | added: ec2-images uec-images |
Changed in ec2-init (Ubuntu): | |
status: | New → Confirmed |
importance: | Undecided → Medium |
Changed in ubuntu-on-ec2: | |
status: | Confirmed → Invalid |
Changed in ec2-init: | |
status: | Confirmed → Invalid |
The 'ec2-fetch- credentials' program has been substantially re-written.
> If the file /etc/ec2- init/ec2- config. cfg contains
> DISABLE_ROOT="1"
The format /etc/ec2- init/ec2- config. cfg has been changed. Rather than shell-like syntax, it is now in ConfigParser syntax (read by ConfigObj).
The above declaration is now:
disable_root=1
The purpose of this option is to control whether or not access to the instance's root account can be gained directly by use of a public/private registered to the instance (with 'ec2-run-instances -k').
> If the file contains
> DISABLE_ROOT="0"
> then the code prints
> "You choose to disable the root user, god help you."
> and does nothing else.
'disable_root=0' will now write the key directly to /root/. ssh/authorized_ keys without a 'command=' prefix.
One thing to note, is that if a key registered to the instance matches one that already exists in /root/. ssh/authorized_ keys, then the code will simply append to the file. In my testing, the first key that matches is used by sshd, and thus the appended (disabled or enabled) root keys will not change anything.
Soren, you have thoughts on this? Essentially if keys exist in /root/. ssh/authorized_ keys already exist, disable_root setting is useless.
> - Why should DISABLE_ROOT="0" *disable* the root user as the message is
> claiming?
the inverted logic has now been fixed. disable_root=1 will disable ssh key based auth for the root user.
> - What does it mean to disable the root user? or enable the root user? This
> condition is not doing anything.
Should we re-name this key? maybe 'enable_ root_via_ ec2_ssh_ key' ?
> - Neither option is *enabling* ssh to the root user. Is it supposed to?
Outside of the bug mentioned above 'disable_root=1' disables ssh in as root, and 'disable_root=0' will allow root in with the public_keys
> - Even if this were an appropriate place to express concern (and it's not
> obvious to me that it is), "god help you" still may be inappropriate
> language for a distro which tries to be inclusive.
The message is now simply:
Please login as the ubuntu user rather than root user.
> - The next case has the line:
> print "%s - I dont understand that opion."
> I'm not a Python programmer, but I've always seen a matching % argument
> when there is a "%s". Is there something missing here?
no longer present.
> - Are the format and options for /etc/ec2- init/ec2- config. cfg documented
> somewhere?
No.
> - The code contains a "checkServer" function which does not appear to be
> called.
removed