Description
This bug was originally filed in Launchpad as LP: #1924614
Launchpad details
affected_projects = []
assignee = None
assignee_name = None
date_closed = None
date_created = 2021-04-15T21:17:34.442043+00:00
date_fix_committed = None
date_fix_released = None
id = 1924614
importance = low
is_complete = False
lp_url = https://bugs.launchpad.net/cloud-init/+bug/1924614
milestone = None
owner = emptystring
owner_name = Tris Emmy Wilson
private = False
status = triaged
submitter = emptystring
submitter_name = Tris Emmy Wilson
tags = []
duplicates = []

Launchpad user Tris Emmy Wilson (emptystring) wrote on 2021-04-15T21:17:34.442043+00:00
In user data, if "user" is set to "root" and "ssh_authorized_keys" are set, any SSH key options are ignored. For example, with the following:
```yaml
user: root
ssh_authorized_keys:
  - cert-authority,principals="globalroot" ssh-ed25519 SomeEd25519Key Global User Issuing CA
```
...the following ends up in ~root/.ssh/authorized_keys:
```
ssh-ed25519 SomeEd25519Key Global User Issuing CA
```
However, the SSH key options are respected when "user" is not set to root.
I think, but am not sure, that this is due to an oversight in the apply_credentials method in cc_ssh.py. In this snippet:
```python
if disable_root:
    if not user:
        user = "NONE"
    key_prefix = disable_root_opts.replace('$USER', user)
    key_prefix = key_prefix.replace('$DISABLE_USER', 'root')
else:
    key_prefix = ''
```
`key_prefix` being set to the empty string causes `ssh_util.setup_user_keys` to pass a non-None value to `AuthKeyLineParser.parse`, causing it to ignore the options set on the key in favor of the empty string. I think setting `key_prefix = None` here may fix the problem but don't know enough about the cloud-init development process + what the security implications of this might be.
I'm testing in a Proxmox 6 environment using the Debian 10 OpenStack cloud-init image.
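The following is an added illustration of the mechanism the report describes; it is not cloud-init's own code and not part of the original issue. It models the "options=None keeps the line's options, any other value replaces them" behaviour with a small authorized_keys line parser, reproduces the `key_prefix` computation from the quoted `cc_ssh.py` snippet, and shows what the report's key turns into for `key_prefix = ''`, `key_prefix = None`, and the `disable_root` case. The function names (`parse_auth_key_line`, `key_prefix_for`, `authorized_keys_line`), the `KEY_TYPES` set, and the `DISABLE_OPTS` string are assumptions made for the example, not cloud-init identifiers or defaults.

```python
"""Model of the key_prefix / options interaction described in the report.

Added illustration, not cloud-init's own code: the parser and helper names
below (parse_auth_key_line, key_prefix_for, authorized_keys_line) are
hypothetical, and KEY_TYPES is an assumed subset of OpenSSH key types.
"""

# Assumption: a subset of OpenSSH public key types sufficient for the example.
KEY_TYPES = frozenset([
    "ssh-ed25519", "ssh-rsa", "ssh-dss",
    "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
    "sk-ssh-ed25519@openssh.com", "sk-ecdsa-sha2-nistp256@openssh.com",
])


def split_options(line):
    """Split the leading options field from an authorized_keys line.

    The field ends at the first whitespace that is not inside double quotes,
    so values such as principals="a,b" or command="echo hi there" stay
    intact (the same rule OpenSSH's auth2-pubkey.c applies).
    Returns (options, remainder).
    """
    i, quoted = 0, False
    while i < len(line):
        c = line[i]
        if c == '"':
            quoted = not quoted
        elif c == "\\" and quoted and i + 1 < len(line):
            i += 1  # skip an escaped character inside quotes
        elif c.isspace() and not quoted:
            break
        i += 1
    return line[:i], line[i:].lstrip()


def parse_auth_key_line(line, options=None):
    """Parse one authorized_keys line into (options, keytype, base64, comment).

    Mirrors the behaviour the report describes for AuthKeyLineParser.parse:
    options=None keeps whatever options the line carries, while any other
    value, including the empty string, replaces them.
    """
    line = line.strip()
    if not line or line.startswith("#"):
        raise ValueError("not a key line: %r" % line)
    first = line.split(None, 1)[0]
    if first in KEY_TYPES:
        line_opts, rest = "", line          # no options field at all
    else:
        line_opts, rest = split_options(line)
    parts = rest.split(None, 2)
    if len(parts) < 2 or parts[0] not in KEY_TYPES:
        raise ValueError("unrecognised key line: %r" % line)
    keytype, b64 = parts[0], parts[1]
    comment = parts[2] if len(parts) == 3 else ""
    if options is not None:
        line_opts = options                 # the overriding path
    return line_opts, keytype, b64, comment


def render(entry):
    """Serialise a parsed entry back into authorized_keys syntax."""
    opts, keytype, b64, comment = entry
    fields = ([opts] if opts else []) + [keytype, b64] + ([comment] if comment else [])
    return " ".join(fields)


def key_prefix_for(user, disable_root, disable_root_opts):
    """Compute key_prefix exactly as the cc_ssh.py snippet in the report does."""
    if disable_root:
        if not user:
            user = "NONE"
        prefix = disable_root_opts.replace("$USER", user)
        return prefix.replace("$DISABLE_USER", "root")
    return ""   # the value the report identifies as discarding the key's own options


def authorized_keys_line(key, key_prefix):
    """What a key ends up as once key_prefix is handed to the parser as options."""
    return render(parse_auth_key_line(key, options=key_prefix))


# Constructed input: the key line from the report.
REPORT_KEY = ('cert-authority,principals="globalroot" ssh-ed25519 '
              'SomeEd25519Key Global User Issuing CA')

# Constructed disable_root_opts carrying both placeholders (not cloud-init's default string).
DISABLE_OPTS = 'no-port-forwarding,command="echo Please login as $USER rather than $DISABLE_USER"'

if __name__ == "__main__":
    cases = [
        ("key_prefix = ''", key_prefix_for("root", False, DISABLE_OPTS)),
        ("key_prefix = None", None),
        ("disable_root", key_prefix_for("debian", True, DISABLE_OPTS)),
    ]
    for label, prefix in cases:
        print("%-18s -> %s" % (label, authorized_keys_line(REPORT_KEY, prefix)))
```

Running the block prints the three outcomes side by side: the empty-string prefix strips `cert-authority,principals="globalroot"` exactly as the report shows, `None` leaves the line untouched, and the `disable_root` prefix replaces the key's options with the substituted `no-port-forwarding,command=...` string, which is the intended use of the override path.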