ssh keys not regenerated on first boot
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
ec2-init (Ubuntu) | Fix Released | High | Unassigned |
Lucid | Fix Released | High | Unassigned |
Bug Description
Binary package hint: ec2-init
The ssh keys are not being regenerated on first boot in the current ec2/uec images.
Verify by launching 2 instances, and then sshing with:
ssh -i path-to-your-key -o CheckHostIP=no -o StrictHostKeyCh
-o UserKnownHostsF
You'll see that my-knownhosts.txt has the same key for both new instances.
ProblemType: Bug
Architecture: amd64
Date: Wed Jan 13 16:50:23 2010
DistroRelease: Ubuntu 10.04
Ec2AMI: ami-e7f5de93
Ec2AMIManifest: ubuntu-
Ec2Availability
Ec2InstanceType: m1.large
Ec2Kernel: aki-97fdd6e3
Ec2Ramdisk: ari-e5f5de91
Package: ec2-init 0.5.0-0ubuntu3
PackageArchitec
ProcEnviron:
LANG=en_GB.UTF-8
SHELL=/bin/bash
ProcVersionSign
SourcePackage: ec2-init
Tags: lucid ec2-images
Uname: Linux 2.6.32-301-ec2 x86_64
tags: added: iso-testing
I have confirmed that this is an issue for the latest daily Lucid AMI:
ami-5936db30
ubuntu-images-testing-us/ubuntu-lucid-daily-i386-server-20100113.manifest.xml
ubuntu@domU-12-31-39-04-08-B2:~$ ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key
2048 15:46:e4:66:e3:60:b8:89:fe:d3:65:aa:7a:77:4e:cd /etc/ssh/ssh_host_rsa_key.pub (RSA)
ubuntu@domU-12-31-39-04-08-65:~$ ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key
2048 15:46:e4:66:e3:60:b8:89:fe:d3:65:aa:7a:77:4e:cd /etc/ssh/ssh_host_rsa_key.pub (RSA)
I have confirmed that this is *not* an issue for the released Karmic AMI:
ami-1515f67c
ubuntu-images-us/ubuntu-karmic-9.10-i386-server-20091027.1.manifest.xml
ubuntu@domU-12-31-39-02-60-41:~$ ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key
2048 33:d7:a2:7d:ba:96:b0:e3:d7:f2:2e:be:04:24:38:ed /etc/ssh/ssh_host_rsa_key.pub (RSA)
ubuntu@domU-12-31-39-02-61-24:~$ ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key
2048 4e:e1:93:4c:31:9a:c8:f7:c7:f4:b0:6a:56:e1:97:78 /etc/ssh/ssh_host_rsa_key.pub (RSA)
I did not test the latest daily Karmic AMI, but that should be checked before new Karmic AMIs are released.
I started the importance at "High" since this effectively makes ssh unencrypted to a man in the middle, which is a serious security issue for people who care about security. (Yes, I realize that most users don't check fingerprints on EC2, but it should at least be possible to be secure.)
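The check from the bug description (two instances ending up with the same key in the known-hosts file) can be automated. The following is an added example, not part of the original report or of ec2-init: it parses known_hosts-format text and reports any host key recorded for more than one host entry. The host names and key blobs in the sample are constructed, and fingerprints are printed in the SHA256 form of current ssh-keygen rather than the colon-hex form shown above.

```python
import base64
import binascii
import hashlib
from collections import defaultdict

def parse_known_hosts(text):
    """Yield (hosts, keytype, key_blob) for each per-host key line."""
    for raw in text.splitlines():
        fields = raw.split()
        if not fields or fields[0].startswith("#"):
            continue                      # blank line or comment
        if fields[0].startswith("@") or len(fields) < 3:
            continue                      # @cert-authority/@revoked or malformed
        try:
            blob = base64.b64decode(fields[2], validate=True)
        except (binascii.Error, ValueError):
            continue                      # key field is not valid base64
        yield fields[0], fields[1], blob

def fingerprint(blob):
    """OpenSSH-style SHA256 fingerprint of a decoded public key blob."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def shared_host_keys(text):
    """Map fingerprint -> sorted host entries for keys seen on more than one entry.

    A "host,ip" field counts as one entry. If the same machine is recorded on
    separate lines (name and IP), it will be reported too; review such hits.
    """
    seen = defaultdict(set)
    for hosts, keytype, blob in parse_known_hosts(text):
        seen[(keytype, blob)].add(hosts)
    return {fingerprint(blob): sorted(entries)
            for (_, blob), entries in seen.items() if len(entries) > 1}

# Constructed sample: placeholder blobs, not real keys or real hosts.
KEY_A = base64.b64encode(b"constructed host key A").decode()
KEY_B = base64.b64encode(b"constructed host key B").decode()
SAMPLE = "\n".join([
    "# two fresh instances that booted with the image's baked-in key",
    f"instance-1.example ssh-rsa {KEY_A}",
    f"instance-2.example ssh-rsa {KEY_A}",
    f"instance-3.example ssh-rsa {KEY_B}",
    f"@cert-authority *.example ssh-rsa {KEY_B}",
    "broken-line ssh-rsa",
])

if __name__ == "__main__":
    for fp, entries in shared_host_keys(SAMPLE).items():
        print(f"{fp} shared by: {', '.join(entries)}")
```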