@raharper I agree with the concern regarding the manipulation of sshd config. To minimize the collision with cloud-init this package does not change /etc/ssh/sshd_config like cloud-init does, but overrides the configuration value with a systemd drop-in. The drop-in is placed at the time the AMI is built thus there is no race with cloud-init here, and if upgrade of ec2-instance-connect has a race with cloud-init then there is a race with the potential upgrade of sshd as well.
Regarding the potential user confusion when the user also sets ssh keys using cloud-init eic_run_authorized_keys is designed to _merge_ the keys used by Instance Connect with the other keys in use thus the users can continue to use their keys deployed by cloud-init or the ones deployed by other means. I also agree that there is additional overhead for each ssh connection, but while testing the package I have not found that excessive. We may need further evaluation of the impact on the ssh service before adding the package to the AMIs by default, but I think this can be done after finishing the MIR process. Upstream already answered @paelzer's caching proposal, and the package is installed on Amazon Linux 2 by default already, thus I believe upstream's attention is warranted regarding the overhead. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1835114 Title: [MIR] ec2-instance-connect To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ec2-instance-connect/+bug/1835114/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
