This bug is believed to be fixed in cloud-init in version 23.2. If this is still a problem for you, please make a comment and set the state back to New.

Thank you.

** Changed in: cloud-init
       Status: Fix Committed => Fix Released

https://bugs.launchpad.net/bugs/2011291

Title:
  After Cloud-Init is completed, an error is reported when the sshd service is restarted.

Status in cloud-init:
  Fix Released

Bug description:
  I tested this issue on multiple versions and found that cloud-init 21.4 is OK, but cloud-init 22.2 and 23.1 are not.

  The following error information is displayed for the sshd service:

  Mar 11 17:17:53 openEuler sshd[2232]: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
  Mar 11 17:17:53 openEuler sshd[2232]: @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
  Mar 11 17:17:53 openEuler sshd[2232]: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
  Mar 11 17:17:53 openEuler sshd[2232]: Permissions 0640 for '/etc/ssh/ssh_host_rsa_key' are too open.
  Mar 11 17:17:53 openEuler sshd[2232]: It is required that your private key files are NOT accessible by others.
  Mar 11 17:17:53 openEuler sshd[2232]: This private key will be ignored.
  Mar 11 17:17:53 openEuler sshd[2232]: Unable to load host key "/etc/ssh/ssh_host_rsa_key": bad permissions
  Mar 11 17:17:53 openEuler sshd[2232]: Unable to load host key: /etc/ssh/ssh_host_rsa_key
  Mar 11 17:17:53 openEuler sshd[2232]: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
  Mar 11 17:17:53 openEuler sshd[2232]: @ WARNING: UNPROTECTED PRIVATE KEY FILE! @
  Mar 11 17:17:53 openEuler sshd[2232]: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
  Mar 11 17:17:53 openEuler sshd[2232]: Permissions 0640 for '/etc/ssh/ssh_host_ed25519_key' are too open.
  Mar 11 17:17:53 openEuler sshd[2232]: It is required that your private key files are NOT accessible by others.
  Mar 11 17:17:53 openEuler sshd[2232]: This private key will be ignored.
  Mar 11 17:17:53 openEuler sshd[2232]: Unable to load host key "/etc/ssh/ssh_host_ed25519_key": bad permissions
  Mar 11 17:17:53 openEuler sshd[2232]: Unable to load host key: /etc/ssh/ssh_host_ed25519_key
  Mar 11 17:17:53 openEuler sshd[2232]: sshd: no hostkeys available -- exiting.

  At the same time, I found that the key file permission generated by the sshd service is 0o400, but the file permissions generated by cloud-init cc_ssh are 0o644 (public key) and 0o640 (private key). Should cloud-init be consistent with sshd?

  [root@openEuler ~]# cd /etc/ssh/
  [root@openEuler ssh]# ll ssh_host_*
  -r--------. 1 root ssh_keys  480 Mar 11 15:57 ssh_host_ecdsa_key
  -r--------. 1 root root      162 Mar 11 15:57 ssh_host_ecdsa_key.pub
  -r--------. 1 root ssh_keys  387 Mar 11 15:57 ssh_host_ed25519_key
  -r--------. 1 root root       82 Mar 11 15:57 ssh_host_ed25519_key.pub
  -r--------. 1 root ssh_keys 2578 Mar 11 15:57 ssh_host_rsa_key
  -r--------. 1 root root      554 Mar 11 15:57 ssh_host_rsa_key.pub

  After Cloud-Init is completed:

  [root@openEuler ssh]# ll ssh_host_*
  -rw-r-----. 1 root ssh_keys 1381 Mar 11 17:17 ssh_host_dsa_key
  -rw-r--r--. 1 root root      604 Mar 11 17:17 ssh_host_dsa_key.pub
  -rw-r-----. 1 root ssh_keys  505 Mar 11 17:17 ssh_host_ecdsa_key
  -rw-r--r--. 1 root root      176 Mar 11 17:17 ssh_host_ecdsa_key.pub
  -rw-r-----. 1 root ssh_keys  411 Mar 11 17:17 ssh_host_ed25519_key
  -rw-r--r--. 1 root root       96 Mar 11 17:17 ssh_host_ed25519_key.pub
  -rw-r-----. 1 root ssh_keys 2602 Mar 11 17:17 ssh_host_rsa_key
  -rw-r--r--. 1 root root      568 Mar 11 17:17 ssh_host_rsa_key.pub
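An added example, not part of the bug report or of cloud-init's code: a Python audit for the condition shown in the sshd log above. It assumes the upstream OpenSSH rule that a private key owned by the user running sshd is refused when any group or other permission bit is set; `audit_host_keys`, `build_sample_dir` and the sample files are names and data constructed for illustration.

```python
import os
import stat
import tempfile
from pathlib import Path

# Assumption: upstream OpenSSH rejects a private key owned by the sshd user
# when any group/other bit is set, i.e. (mode & 0o077) != 0.
TOO_OPEN_MASK = 0o077


def audit_host_keys(ssh_dir, uid=None, tighten=False):
    """Return [(path, mode, reason)] for private host keys sshd would refuse.

    With tighten=True the group/other bits are cleared after being reported.
    """
    uid = os.getuid() if uid is None else uid
    findings = []
    # "ssh_host_*_key" matches private keys only; the .pub files are skipped.
    for path in sorted(Path(ssh_dir).glob("ssh_host_*_key")):
        st = path.stat()
        if not stat.S_ISREG(st.st_mode):
            continue
        mode = stat.S_IMODE(st.st_mode)
        if st.st_uid == uid and mode & TOO_OPEN_MASK:
            findings.append((str(path), mode, "permissions %04o are too open" % mode))
            if tighten:
                path.chmod(mode & ~TOO_OPEN_MASK)  # 0640 becomes 0600
    return findings


def build_sample_dir(root):
    """Constructed sample: modes come from the report's listings, contents are dummies."""
    modes = {
        "ssh_host_rsa_key": 0o640,          # private key as written by cc_ssh
        "ssh_host_rsa_key.pub": 0o644,      # public key as written by cc_ssh
        "ssh_host_ed25519_key": 0o640,
        "ssh_host_ed25519_key.pub": 0o644,
        "ssh_host_ecdsa_key": 0o400,        # private key as generated by sshd
    }
    for name, mode in modes.items():
        key = Path(root) / name
        key.write_text("dummy, not a real key\n")
        key.chmod(mode)
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as sample:
        for path, mode, reason in audit_host_keys(build_sample_dir(sample)):
            print(f"{path}: {reason}")
```

On a real host, call `audit_host_keys("/etc/ssh", uid=0)` after cloud-init finishes and before sshd is restarted.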