Public bug reported: [Impact] ========
Can't get EC2 instance connect to work on Ubuntu 22.04 due to what seems to be an issue with trust chain verification. This is due to a change in OpenSSL 3.0.2. [Test Plan] =========== To reproduce: - Launch an EC2 instance with the current Ubuntu 22.04 AMI (e.g. ami-0aeb7c931a5a61206 in us-east-2). - Try to connect to it via mssh ubuntu@<instance-id>. - Observe that the command fails with "Permission denied (publickey)." When using the --debug flag with mssh, I see that the public key is pushed successfully, but the remote rejects the connection: ``` ... 2022-05-06 09:10:58,549 - EC2InstanceConnect - DEBUG - Successfully got instance information from EC2 API for <instance-id> ... 2022-05-06 09:10:59,189 - EC2InstanceConnect - DEBUG - Successfully pushed the public key to <instance-id> 2022-05-06 09:10:59,190 - EC2InstanceConnect - DEBUG - Generated command: ssh -o "IdentitiesOnly=yes" -i /var/folders/30/xdglsm2j3tz1rn1n7yygtm7c0000gn/T/tmp33a253uf ubuntu@<ip> ubuntu@<ip>: Permission denied (publickey). 2022-05-06 09:10:59,612 - EC2InstanceConnect - DEBUG - Deleting the private key file: /var/folders/30/xdglsm2j3tz1rn1n7yygtm7c0000gn/T/tmp33a253uf ``` On the instance side, the following error is logged: ``` AuthorizedKeysCommand /usr/share/ec2-instance-connect/eic_run_authorized_keys ubuntu SHA256:wiFxouWj6qQ0aUZ0CAcftWZqNEf3qj2LLicCfGFcQJY failed, status 2 ``` [Where Problems Could Occur] ============================ The package is broken for 22.04 so not a lot of things can go wrong there. However, if the user has done some manual workarounds, it could break that. But chances are less, IMO. \o/ [Upstream Bug and Fix] ====================== https://github.com/aws/aws-ec2-instance-connect-config/issues/38 https://github.com/aws/aws-ec2-instance-connect-config/pull/39 ** Affects: ec2-instance-connect (Ubuntu) Importance: Undecided Assignee: Utkarsh Gupta (utkarsh) Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1973114 Title: Key trust verification fails on Ubuntu 22.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ec2-instance-connect/+bug/1973114/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs