Public bug reported:
I've had a look but I can't see any facilities within cloud-init config
system to manipulate the sshd configuration settings.
ISTM that cloud-init should open up sshd to the minimum required by the
users configured by the cloud-init process (or if told to widen it
further).
So password auth should be off unless passwords are specified. key auth
should be off unless keys are retrieved, possibly sshd should not even
be started if there are no users, etc.
At the moment the image I'm generating has password auth switched off in
the default config, but obviously that means if somebody specifies a
passworded user in the cloud-init config, then it won't work.
As an aside is there a general move to do all the 'cloud specific
config' within cloud-init rather than in the image build?
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: cloud-init (not installed)
ProcVersionSignature: Ubuntu 3.2.0-30.48-generic 3.2.27
Uname: Linux 3.2.0-30-generic x86_64
ApportVersion: 2.0.1-0ubuntu13
Architecture: amd64
CheckboxSubmission: 55cafa5b8b82ed224cc59d444cb1fc25
CheckboxSystem: 3e53d3ea5811723345f19eff5070f9ab
Date: Fri Sep 21 09:53:01 2012
InstallationMedia: Ubuntu 11.10 Oneiric Ocelot - Release amd64 (20111012)
SourcePackage: cloud-init
UpgradeStatus: Upgraded to precise on 2012-05-07 (136 days ago)
** Affects: cloud-init (Ubuntu)
Importance: Undecided
Status: New
** Tags: amd64 apport-bug precise running-unity
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to cloud-init in Ubuntu.
https://bugs.launchpad.net/bugs/1053893
Title:
cloud-init should be able to switch off password auth in sshd
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1053893/+subscriptions
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
