[Bug 1747705] Re: "ssh_pwauth" always true on CloudStack datasource with password

2018-03-02 Thread Dan Watkins
I can't remember the exact details, but I believe that this change was
landed to support a CloudStack deployment that didn't support SSH keys
at all.  In my ignorance of the broader CloudStack ecosystem, I assumed
that this was true of all CloudStack deployments, so setting it in the
data source made sense (so that people would be able to access their
instances somehow).

Given that my assumption is false, I would be happy with backing out
that setting _provided there is a way for vendors to set it back_.  I
believe backing out the setting will regress existing CloudStack
deployments that expect the current behaviour (and regress them in a
serious way; it would completely deny users' access to their VMs).

Does CloudStack support vendor data[0]?  If it does, then we can ensure
that (a) it's possible to use vendor data to restore the old behaviour,
and (b) we document how people do so.  If it doesn't, then I'd be
hesitant to make this change.


[0] 
https://cwiki.apache.org/confluence/display/CLOUDSTACK/Using+ConfigDrive+for+Metadata%2C+Userdata+and+Password
 suggests "maybe" to me.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1747705

Title:
  "ssh_pwauth" always true on CloudStack datasource with password

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1747705/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1747705] Re: "ssh_pwauth" always true on CloudStack datasource with password

2018-03-02 Thread Scott Moser
Shota,
The change that put that behavior in was
 https://git.launchpad.net/cloud-init/commit/?id=e626359a6ea

If I understand what you're asking for correctly, then we would break
ssh access to a system that the Vm template password reset property set.

Does the guest have access to those properties?  Is there any other way
that the creator of the VM could indicate that they wanted password
access only on the console?

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1747705

Title:
  "ssh_pwauth" always true on CloudStack datasource with password

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1747705/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1747705] Re: "ssh_pwauth" always true on CloudStack datasource with password

2018-03-02 Thread Shota Aratono
HI,

I confirmed that I can override ssh_pwauth value with user-data.
But, it's does not fit for my use case.
Since deploing VM is done by user, I can't control user-data.

I think the best solution is cloud-init don't update PasswordAuthentication in 
/etc/sshd_config
when ssh_pwauth value is 'unchanged'.
As I wrote before, the root cause is CloudStack datasource overwrites 
ssh_pwauth value forcibly.
So I'd like to remove this behavior.

Is it helpful to creating the patch?

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1747705

Title:
  "ssh_pwauth" always true on CloudStack datasource with password

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1747705/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1747705] Re: "ssh_pwauth" always true on CloudStack datasource with password

2018-02-09 Thread Scott Moser
Hi, thanks for the good bug report.
I believe that you should be able to override the datasource provided config
in user-data.  Try providing user-data as:

#cloud-config
ssh_pwauth: False

Please let me know if that works for you or not.  I do realize that its 
unfortunate to have to do that.  Generally speaking the precedence ordre for 
config in cloud-init is:
  /etc/cloud/cloud.cfg
  /etc/cloud/cloud.cfg.d/*
  data-source provided config (there isnt a lot of these)
  user-provided config (user-data)

** Changed in: cloud-init
   Status: New => Confirmed

** Changed in: cloud-init (Ubuntu)
   Status: New => Confirmed

** Changed in: cloud-init
   Importance: Undecided => Medium

** Changed in: cloud-init (Ubuntu)
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1747705

Title:
  "ssh_pwauth" always true on CloudStack datasource with password

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1747705/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1747705] Re: "ssh_pwauth" always true on CloudStack datasource with password

2018-02-08 Thread shota.a
** Also affects: ubuntu
   Importance: Undecided
   Status: New

** Package changed: ubuntu => cloud-init (Ubuntu)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1747705

Title:
  "ssh_pwauth" always true on CloudStack datasource with password

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-init/+bug/1747705/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs