Tracked in GitHub Issues as https://github.com/canonical/cloud-init/issues/3417
** Bug watch added: github.com/canonical/cloud-init/issues #3417
   https://github.com/canonical/cloud-init/issues/3417

** Changed in: cloud-init
       Status: Triaged => Expired

--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to cloud-init.
https://bugs.launchpad.net/bugs/1839061

Title:
  Wrong access permissions of authorized keys directory when using
  root-owned location

Status in cloud-init:
  Expired

Bug description:
  When using a central, root-owned directory to store ssh keys,
  cloud-init changes the permissions of the key directory, which renders
  the keys unusable.

  I'm using a similar approach as described here:
  https://www.ssh.com/ssh/key/
  MOVING SSH KEYS TO A ROOT-OWNED LOCATION

  but I'm using the config

    AuthorizedKeysFile /etc/ssh/keys/%u

  In the original image, the permissions of the keys directory
  /etc/ssh/keys are 0755 - owned by root:root. It contains all the keys
  of the users. All keys have 0644 permissions and are also owned by
  root:root. (The background: Users are not allowed to change their ssh
  keys.)

  After the machine boots and cloud-init finishes, the permissions of
  the key directory /etc/ssh/keys are 0700 and it is impossible to use
  key-authentication, because sshd cannot access the key files.

  IMHO the reason for this is that cloud-init changes the permission of
  the keys directory
  https://git.launchpad.net/cloud-init/tree/cloudinit/ssh_util.py#n259

    util.ensure_dir(os.path.dirname(auth_key_fn), mode=0o700)

  which is wrong in this use case.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1839061/+subscriptions

--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to     : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help   : https://help.launchpad.net/ListHelp
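Added example, not part of the bug report and not cloud-init's own code: it rebuilds the reported /etc/ssh/keys layout in a temporary directory and compares a helper that forces mode 0700 on an existing directory with one that leaves an existing directory's mode alone. The helper names, the user "alice" and the key line are constructed for illustration; the second helper is one possible approach, not the project's fix.

```python
import os
import stat
import tempfile


def ensure_dir_forced(path, mode):
    """Hypothetical stand-in for the reported behaviour: the mode is
    applied even when the directory already exists."""
    os.makedirs(path, exist_ok=True)
    os.chmod(path, mode)


def ensure_dir_preserving(path, mode):
    """Alternative: only a directory created here gets the restrictive
    mode; an existing, admin-managed directory is left untouched."""
    if os.path.isdir(path):
        return
    os.makedirs(path)
    os.chmod(path, mode)


def dir_mode(path):
    """Permission bits of path, without the file-type bits."""
    return stat.S_IMODE(os.stat(path).st_mode)


def others_can_traverse(path):
    """True when the 'other' execute bit is set, i.e. accounts that are
    neither owner nor group can reach files inside the directory."""
    return bool(dir_mode(path) & stat.S_IXOTH)


def run_scenario(ensure_dir):
    """Build the constructed key layout, apply ensure_dir the way the
    report quotes it, and return (directory mode, others_can_traverse)."""
    with tempfile.TemporaryDirectory() as root:
        key_dir = os.path.join(root, "etc", "ssh", "keys")
        os.makedirs(key_dir)
        os.chmod(key_dir, 0o755)  # state of the original image
        # Corresponds to: AuthorizedKeysFile /etc/ssh/keys/%u
        auth_key_fn = os.path.join(key_dir, "alice")
        with open(auth_key_fn, "w") as fh:
            fh.write("ssh-ed25519 CONSTRUCTED-SAMPLE-KEY alice@example\n")
        os.chmod(auth_key_fn, 0o644)
        ensure_dir(os.path.dirname(auth_key_fn), 0o700)
        return dir_mode(key_dir), others_can_traverse(key_dir)


if __name__ == "__main__":
    for fn in (ensure_dir_forced, ensure_dir_preserving):
        mode, reachable = run_scenario(fn)
        print(f"{fn.__name__}: dir mode {oct(mode)}, others can traverse: {reachable}")
```
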