subject:"\[Group.of.nepali.translators\] \[Bug 1644064\] Re\: sshd_config file permission changed to 644 if ssh

[Group.of.nepali.translators] [Bug 1644064] Re: sshd_config file permission changed to 644 if ssh_pwauth value is true or false

2017-09-22 Thread Scott Moser

This bug is believed to be fixed in cloud-init in 17.1. If this is still
a problem for you, please make a comment and set the state back to New

Thank you.

** Changed in: cloud-init
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1644064

Title:
  sshd_config file permission changed to 644 if ssh_pwauth value is true
  or false

Status in cloud-init:
  Fix Released
Status in cloud-init package in Ubuntu:
  Fix Released
Status in cloud-init source package in Xenial:
  Fix Released
Status in cloud-init source package in Yakkety:
  Fix Released
Status in cloud-init source package in Zesty:
  Fix Released
Status in cloud-init source package in Artful:
  Fix Released

Bug description:
  === Begin SRU Template ===
  [Impact]
  Existing security permissions on /etc/ssh/sshd_config file are not honored.

  [Test Case]

  wget 
https://git.launchpad.net/~smoser/cloud-init/+git/sru-info/plain/bin/lxc-proposed-snapshot
  chmod 755 lxc-proposed-snapshot

  # create config.yaml
  cat config.yaml
  #cloud-config
  ssh_pwauth: true

  name=proposed-test
  for release in xenial yakkety zesty; do \
   ref=$release-proposed;
   lxc-proposed-snapshot --proposed --publish $release $ref;
   lxc init $ref $name;
   lxc file pull $name/etc/ssh/sshd_config .;
   chmod 600 sshd_config;
   lxc file push sshd_config $name/etc/ssh/sshd_config;
   lxc config set $name user.user-data - < config.yml;
   lxc start;
   sleep 10;
   lxc exec $name ls -ltr /etc/ssh/sshd_config;  # should remain 600
   lxc stop $name;
   lxc delete $name;
  done

  [Regression Potential]
  Minimal as we are now honoring file permissions if an sshd_config file exists.

  [Other Info]

  === End SRU Template ===

  In my deploy image, the default permission of sshd_config file is 600.
  It always be changed to 644 after cloud-init run. After debug, it is
  caused by cloud-config item:

  ssh_pwauth: true

  The related code is:

  lines = [str(l) for l in new_lines]
  util.write_file(ssh_util.DEF_SSHD_CFG, "\n".join(lines))
  of file cc_set_passwords.py.

  write_file function use default mask 644 to write sshd_config. So my
  file permission changed.

  It shall be enhanced to read old sshd_config permission and write new
  sshd_config with old permission to avoid security issue.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1644064/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1644064] Re: sshd_config file permission changed to 644 if ssh_pwauth value is true or false

2017-05-16 Thread Launchpad Bug Tracker

This bug was fixed in the package cloud-init -
0.7.9-113-g513e99e0-0ubuntu1~17.04.1

---
cloud-init (0.7.9-113-g513e99e0-0ubuntu1~17.04.1) zesty; urgency=medium

  * debian/update-grub-legacy-ec2: fix early exit failure no /etc/fstab
file. (LP: #1682160)
  * New upstream snapshot.
- nova-lxd: read product_name from environment, not platform.
  (LP: #1685810)
- Fix yum repo config where keys contain array values [Dylan Perry]
- template: Update debian backports template [Joshua Powers]
- rsyslog: replace ~ with stop [Joshua Powers] (LP: #1367899)
- Doc: add additional RTD examples [Joshua Powers]
- Fix growpart for some cases when booted with root=PARTUUID.
  (LP: #1684869)
- pylint: update output style to parseable [Joshua Powers]
- pylint: fix all logging warnings [Joshua Powers]
- CloudStack: Add NetworkManager to list of supported DHCP lease dirs.
  [Syed Mushtaq Ahmed]
- net: kernel lies about vlans not stealing mac addresses, when they do
  [Dimitri John Ledkov] (LP: #1682871)
- ds-identify: Check correct path for "latest" config drive
  [Daniel Watkins] (LP: #1673637)
- doc: Fix example for resolv.conf configuration.  [Jon Grimm]
- Fix examples that reference upstream chef repository.  [Jon Grimm]
- doc: correct grammar and improve clarity in merging documentation.
  [David Tagatac]
- doc: Add missing doc link to snap-config module. [Ryan Harper]
- snap: allows for creating cloud-init snap [Joshua Powers]
- DigitalOcean: assign IPv4ll address to lowest indexed interface.
  [Ben Howard] (LP: #1676908)
- DigitalOcean: configure all NICs presented in meta-data.
  [Ben Howard] (LP: #1676908)
- Remove (and/or fix) URL shortener references [Jon Grimm]
- HACKING.rst: more info on filling out contributors agreement.
- util: teach write_file about copy_mode option
  [Lars Kellogg-Stedman] (LP: #1644064)
- DigitalOcean: bind resolvers to loopback interface.
  [Ben Howard] (LP: #1676908)
- tests: fix AltCloud tests to not rely on blkid (LP: #1636531)

 -- Scott Moser   Thu, 27 Apr 2017 15:09:31 -0400

** Changed in: cloud-init (Ubuntu Zesty)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1644064

Title:
  sshd_config file permission changed to 644 if ssh_pwauth value is true
  or false

Status in cloud-init:
  Fix Committed
Status in cloud-init package in Ubuntu:
  Fix Released
Status in cloud-init source package in Xenial:
  Fix Released
Status in cloud-init source package in Yakkety:
  Fix Released
Status in cloud-init source package in Zesty:
  Fix Released
Status in cloud-init source package in Artful:
  Fix Released

Bug description:
  === Begin SRU Template ===
  [Impact]
  Existing security permissions on /etc/ssh/sshd_config file are not honored.

  [Test Case]

  wget 
https://git.launchpad.net/~smoser/cloud-init/+git/sru-info/plain/bin/lxc-proposed-snapshot
  chmod 755 lxc-proposed-snapshot

  # create config.yaml
  cat config.yaml
  #cloud-config
  ssh_pwauth: true

  name=proposed-test
  for release in xenial yakkety zesty; do \
   ref=$release-proposed;
   lxc-proposed-snapshot --proposed --publish $release $ref;
   lxc init $ref $name;
   lxc file pull $name/etc/ssh/sshd_config .;
   chmod 600 sshd_config;
   lxc file push sshd_config $name/etc/ssh/sshd_config;
   lxc config set $name user.user-data - < config.yml;
   lxc start;
   sleep 10;
   lxc exec $name ls -ltr /etc/ssh/sshd_config;  # should remain 600
   lxc stop $name;
   lxc delete $name;
  done

  [Regression Potential]
  Minimal as we are now honoring file permissions if an sshd_config file exists.

  [Other Info]

  === End SRU Template ===

  In my deploy image, the default permission of sshd_config file is 600.
  It always be changed to 644 after cloud-init run. After debug, it is
  caused by cloud-config item:

  ssh_pwauth: true

  The related code is:

  lines = [str(l) for l in new_lines]
  util.write_file(ssh_util.DEF_SSHD_CFG, "\n".join(lines))
  of file cc_set_passwords.py.

  write_file function use default mask 644 to write sshd_config. So my
  file permission changed.

  It shall be enhanced to read old sshd_config permission and write new
  sshd_config with old permission to avoid security issue.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1644064/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1644064] Re: sshd_config file permission changed to 644 if ssh_pwauth value is true or false

2017-05-16 Thread Launchpad Bug Tracker

This bug was fixed in the package cloud-init -
0.7.9-113-g513e99e0-0ubuntu1~16.10.1

---
cloud-init (0.7.9-113-g513e99e0-0ubuntu1~16.10.1) yakkety; urgency=medium

  * debian/update-grub-legacy-ec2: fix early exit failure no /etc/fstab
file. (LP: #1682160)
  * New upstream snapshot.
- nova-lxd: read product_name from environment, not platform.
  (LP: #1685810)
- Fix yum repo config where keys contain array values [Dylan Perry]
- template: Update debian backports template [Joshua Powers]
- rsyslog: replace ~ with stop [Joshua Powers] (LP: #1367899)
- Doc: add additional RTD examples [Joshua Powers]
- Fix growpart for some cases when booted with root=PARTUUID.
  (LP: #1684869)
- pylint: update output style to parseable [Joshua Powers]
- pylint: fix all logging warnings [Joshua Powers]
- CloudStack: Add NetworkManager to list of supported DHCP lease dirs.
  [Syed Mushtaq Ahmed]
- net: kernel lies about vlans not stealing mac addresses, when they do
  [Dimitri John Ledkov] (LP: #1682871)
- ds-identify: Check correct path for "latest" config drive
  [Daniel Watkins] (LP: #1673637)
- doc: Fix example for resolv.conf configuration.  [Jon Grimm]
- Fix examples that reference upstream chef repository.  [Jon Grimm]
- doc: correct grammar and improve clarity in merging documentation.
  [David Tagatac]
- doc: Add missing doc link to snap-config module. [Ryan Harper]
- snap: allows for creating cloud-init snap [Joshua Powers]
- DigitalOcean: assign IPv4ll address to lowest indexed interface.
  [Ben Howard] (LP: #1676908)
- DigitalOcean: configure all NICs presented in meta-data.
  [Ben Howard] (LP: #1676908)
- Remove (and/or fix) URL shortener references [Jon Grimm]
- HACKING.rst: more info on filling out contributors agreement.
- util: teach write_file about copy_mode option
  [Lars Kellogg-Stedman] (LP: #1644064)
- DigitalOcean: bind resolvers to loopback interface.
  [Ben Howard] (LP: #1676908)
- tests: fix AltCloud tests to not rely on blkid (LP: #1636531)

 -- Scott Moser   Thu, 27 Apr 2017 13:38:40 -0400

** Changed in: cloud-init (Ubuntu Yakkety)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1644064

Title:
  sshd_config file permission changed to 644 if ssh_pwauth value is true
  or false

Status in cloud-init:
  Fix Committed
Status in cloud-init package in Ubuntu:
  Fix Released
Status in cloud-init source package in Xenial:
  Fix Released
Status in cloud-init source package in Yakkety:
  Fix Released
Status in cloud-init source package in Zesty:
  Fix Released
Status in cloud-init source package in Artful:
  Fix Released

Bug description:
  === Begin SRU Template ===
  [Impact]
  Existing security permissions on /etc/ssh/sshd_config file are not honored.

  [Test Case]

  wget 
https://git.launchpad.net/~smoser/cloud-init/+git/sru-info/plain/bin/lxc-proposed-snapshot
  chmod 755 lxc-proposed-snapshot

  # create config.yaml
  cat config.yaml
  #cloud-config
  ssh_pwauth: true

  name=proposed-test
  for release in xenial yakkety zesty; do \
   ref=$release-proposed;
   lxc-proposed-snapshot --proposed --publish $release $ref;
   lxc init $ref $name;
   lxc file pull $name/etc/ssh/sshd_config .;
   chmod 600 sshd_config;
   lxc file push sshd_config $name/etc/ssh/sshd_config;
   lxc config set $name user.user-data - < config.yml;
   lxc start;
   sleep 10;
   lxc exec $name ls -ltr /etc/ssh/sshd_config;  # should remain 600
   lxc stop $name;
   lxc delete $name;
  done

  [Regression Potential]
  Minimal as we are now honoring file permissions if an sshd_config file exists.

  [Other Info]

  === End SRU Template ===

  In my deploy image, the default permission of sshd_config file is 600.
  It always be changed to 644 after cloud-init run. After debug, it is
  caused by cloud-config item:

  ssh_pwauth: true

  The related code is:

  lines = [str(l) for l in new_lines]
  util.write_file(ssh_util.DEF_SSHD_CFG, "\n".join(lines))
  of file cc_set_passwords.py.

  write_file function use default mask 644 to write sshd_config. So my
  file permission changed.

  It shall be enhanced to read old sshd_config permission and write new
  sshd_config with old permission to avoid security issue.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1644064/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1644064] Re: sshd_config file permission changed to 644 if ssh_pwauth value is true or false

2017-05-16 Thread Launchpad Bug Tracker

This bug was fixed in the package cloud-init -
0.7.9-113-g513e99e0-0ubuntu1~16.04.1

---
cloud-init (0.7.9-113-g513e99e0-0ubuntu1~16.04.1) xenial-proposed; 
urgency=medium

  * debian/update-grub-legacy-ec2: fix early exit failure no /etc/fstab
file. (LP: #1682160)
  * New upstream snapshot.
- nova-lxd: read product_name from environment, not platform.
  (LP: #1685810)
- Fix yum repo config where keys contain array values [Dylan Perry]
- template: Update debian backports template [Joshua Powers]
- rsyslog: replace ~ with stop [Joshua Powers] (LP: #1367899)
- Doc: add additional RTD examples [Joshua Powers]
- Fix growpart for some cases when booted with root=PARTUUID.
  (LP: #1684869)
- pylint: update output style to parseable [Joshua Powers]
- pylint: fix all logging warnings [Joshua Powers]
- CloudStack: Add NetworkManager to list of supported DHCP lease dirs.
  [Syed Mushtaq Ahmed]
- net: kernel lies about vlans not stealing mac addresses, when they do
  [Dimitri John Ledkov] (LP: #1682871)
- ds-identify: Check correct path for "latest" config drive
  [Daniel Watkins] (LP: #1673637)
- doc: Fix example for resolv.conf configuration.  [Jon Grimm]
- Fix examples that reference upstream chef repository.  [Jon Grimm]
- doc: correct grammar and improve clarity in merging documentation.
  [David Tagatac]
- doc: Add missing doc link to snap-config module. [Ryan Harper]
- snap: allows for creating cloud-init snap [Joshua Powers]
- DigitalOcean: assign IPv4ll address to lowest indexed interface.
  [Ben Howard] (LP: #1676908)
- DigitalOcean: configure all NICs presented in meta-data.
  [Ben Howard] (LP: #1676908)
- Remove (and/or fix) URL shortener references [Jon Grimm]
- HACKING.rst: more info on filling out contributors agreement.
- util: teach write_file about copy_mode option
  [Lars Kellogg-Stedman] (LP: #1644064)
- DigitalOcean: bind resolvers to loopback interface.
  [Ben Howard] (LP: #1676908)
- tests: fix AltCloud tests to not rely on blkid (LP: #1636531)

 -- Scott Moser   Thu, 27 Apr 2017 12:51:04 -0400

** Changed in: cloud-init (Ubuntu Xenial)
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1644064

Title:
  sshd_config file permission changed to 644 if ssh_pwauth value is true
  or false

Status in cloud-init:
  Fix Committed
Status in cloud-init package in Ubuntu:
  Fix Released
Status in cloud-init source package in Xenial:
  Fix Released
Status in cloud-init source package in Yakkety:
  Fix Committed
Status in cloud-init source package in Zesty:
  Fix Committed
Status in cloud-init source package in Artful:
  Fix Released

Bug description:
  === Begin SRU Template ===
  [Impact]
  Existing security permissions on /etc/ssh/sshd_config file are not honored.

  [Test Case]

  wget 
https://git.launchpad.net/~smoser/cloud-init/+git/sru-info/plain/bin/lxc-proposed-snapshot
  chmod 755 lxc-proposed-snapshot

  # create config.yaml
  cat config.yaml
  #cloud-config
  ssh_pwauth: true

  name=proposed-test
  for release in xenial yakkety zesty; do \
   ref=$release-proposed;
   lxc-proposed-snapshot --proposed --publish $release $ref;
   lxc init $ref $name;
   lxc file pull $name/etc/ssh/sshd_config .;
   chmod 600 sshd_config;
   lxc file push sshd_config $name/etc/ssh/sshd_config;
   lxc config set $name user.user-data - < config.yml;
   lxc start;
   sleep 10;
   lxc exec $name ls -ltr /etc/ssh/sshd_config;  # should remain 600
   lxc stop $name;
   lxc delete $name;
  done

  [Regression Potential]
  Minimal as we are now honoring file permissions if an sshd_config file exists.

  [Other Info]

  === End SRU Template ===

  In my deploy image, the default permission of sshd_config file is 600.
  It always be changed to 644 after cloud-init run. After debug, it is
  caused by cloud-config item:

  ssh_pwauth: true

  The related code is:

  lines = [str(l) for l in new_lines]
  util.write_file(ssh_util.DEF_SSHD_CFG, "\n".join(lines))
  of file cc_set_passwords.py.

  write_file function use default mask 644 to write sshd_config. So my
  file permission changed.

  It shall be enhanced to read old sshd_config permission and write new
  sshd_config with old permission to avoid security issue.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1644064/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1644064] Re: sshd_config file permission changed to 644 if ssh_pwauth value is true or false

2017-05-05 Thread Scott Moser

** Also affects: cloud-init (Ubuntu Zesty)
   Importance: Undecided
   Status: New

** Also affects: cloud-init (Ubuntu Yakkety)
   Importance: Undecided
   Status: New

** Also affects: cloud-init (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Changed in: cloud-init (Ubuntu Xenial)
   Status: New => Confirmed

** Changed in: cloud-init (Ubuntu Yakkety)
   Status: New => Confirmed

** Changed in: cloud-init (Ubuntu Zesty)
   Status: New => Confirmed

** Changed in: cloud-init (Ubuntu Xenial)
   Importance: Undecided => Medium

** Changed in: cloud-init (Ubuntu Yakkety)
   Importance: Undecided => Medium

** Changed in: cloud-init (Ubuntu Zesty)
   Importance: Undecided => Medium

** Changed in: cloud-init (Ubuntu Artful)
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1644064

Title:
  sshd_config file permission changed to 644 if ssh_pwauth value is true
  or false

Status in cloud-init:
  Fix Committed
Status in cloud-init package in Ubuntu:
  Fix Released
Status in cloud-init source package in Xenial:
  Confirmed
Status in cloud-init source package in Yakkety:
  Confirmed
Status in cloud-init source package in Zesty:
  Confirmed
Status in cloud-init source package in Artful:
  Fix Released

Bug description:
  === Begin SRU Template ===
  [Impact]
  Existing security permissions on /etc/ssh/sshd_config file are not honored.

  [Test Case]

  wget 
https://git.launchpad.net/~smoser/cloud-init/+git/sru-info/plain/bin/lxc-proposed-snapshot
  chmod 755 lxc-proposed-snapshot

  
  # create config.yaml
  cat config.yaml
  #cloud-config
  ssh_pwauth: true

  name=proposed-test
  for release in xenial yakkety zesty; do \
   ref=$release-proposed;
   lxc-proposed-snapshot --proposed --publish $release $ref;
   lxc init $ref $name;
   lxc start $name;
   sleep 10;
   lxc file pull $name/etc/ssh/sshd_config .;
   chmod 600 sshd_config;
   lxc file push sshd_config $name/etc/ssh/sshd_config;
   lxc config set $name user.user-data - < config.yml;
   lxc start;
   sleep 10;
   lxc exec $name ls -ltr /etc/ssh/sshd_config;  # should remain 600
   lxc stop $name;
   lxc delete $name;
  done

  [Regression Potential]
  Minimal as we are now honoring file permissions if an sshd_config file exists.

  [Other Info]

  === End SRU Template ===

  
  In my deploy image, the default permission of sshd_config file is 600. It 
always be changed to 644 after cloud-init run. After debug, it is caused by 
cloud-config item:

  ssh_pwauth: true

  The related code is:

  lines = [str(l) for l in new_lines]
  util.write_file(ssh_util.DEF_SSHD_CFG, "\n".join(lines))
  of file cc_set_passwords.py.

  write_file function use default mask 644 to write sshd_config. So my
  file permission changed.

  It shall be enhanced to read old sshd_config permission and write new
  sshd_config with old permission to avoid security issue.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1644064/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1644064] Re: sshd_config file permission changed to 644 if ssh_pwauth value is true or false

[Group.of.nepali.translators] [Bug 1644064] Re: sshd_config file permission changed to 644 if ssh_pwauth value is true or false

[Group.of.nepali.translators] [Bug 1644064] Re: sshd_config file permission changed to 644 if ssh_pwauth value is true or false

[Group.of.nepali.translators] [Bug 1644064] Re: sshd_config file permission changed to 644 if ssh_pwauth value is true or false

[Group.of.nepali.translators] [Bug 1644064] Re: sshd_config file permission changed to 644 if ssh_pwauth value is true or false

5 matches

Site Navigation

Mail list logo

Footer information