<feed xmlns='http://www.w3.org/2005/Atom'>
<title>vyos-cloud-init.git/cloudinit/config/cc_ssh.py, branch circinus-public-unmaintained</title>
<subtitle> (mirror of https://github.com/vyos/vyos-cloud-init.git)
</subtitle>
<id>https://git.amelek.net/vyos/vyos-cloud-init.git/atom?h=circinus-public-unmaintained</id>
<link rel='self' href='https://git.amelek.net/vyos/vyos-cloud-init.git/atom?h=circinus-public-unmaintained'/>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-cloud-init.git/'/>
<updated>2022-01-28T18:24:55+00:00</updated>
<entry>
<title>update ssh logs to show ssh private key gens pub and simplify code  (#1221)</title>
<updated>2022-01-28T18:24:55+00:00</updated>
<author>
<name>Steve Weber</name>
<email>steverweber@gmail.com</email>
</author>
<published>2022-01-28T18:24:55+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-cloud-init.git/commit/?id=c4e21c7278e839de6bb7fb9c5e34ea5a6114029f'/>
<id>urn:sha1:c4e21c7278e839de6bb7fb9c5e34ea5a6114029f</id>
<content type='text'>
</content>
</entry>
<entry>
<title>Adopt Black and isort (SC-700) (#1157)</title>
<updated>2021-12-16T02:16:38+00:00</updated>
<author>
<name>James Falcon</name>
<email>james.falcon@canonical.com</email>
</author>
<published>2021-12-16T02:16:38+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-cloud-init.git/commit/?id=bae9b11da9ed7dd0b16fe5adeaf4774b7cc628cf'/>
<id>urn:sha1:bae9b11da9ed7dd0b16fe5adeaf4774b7cc628cf</id>
<content type='text'>
Applied Black and isort, fixed any linting issues, updated tox.ini
and CI.
</content>
</entry>
<entry>
<title>cc_ssh.py: Add configuration for controlling ssh-keygen output (#1083)</title>
<updated>2021-10-27T19:39:05+00:00</updated>
<author>
<name>dermotbradley</name>
<email>dermot_bradley@yahoo.com</email>
</author>
<published>2021-10-27T19:39:05+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-cloud-init.git/commit/?id=d77d6bf197ec619f45a2ed81368a6cf408882670'/>
<id>urn:sha1:d77d6bf197ec619f45a2ed81368a6cf408882670</id>
<content type='text'>
When ssh host keys are generated during initial boot the full output of
ssh-keygen, including the randomart for the key, is displayed on the
console for each of the generated key types, which takes up a large
amount of screen output (17 lines per key type).

With this change ssh-keygen output is still displayed by default.

Setting ssh_quiet_keygen to True will prevent ssh-keygen output from
appearing. If only the fingerprints of the host keys should be
displayed then this can be achieved using the existing
emit_keys_to_console and/or ssh_fp_console_blacklist settings.</content>
</entry>
<entry>
<title>cc_ssh.py: fix private key group owner and permissions (#1070)</title>
<updated>2021-10-19T19:32:10+00:00</updated>
<author>
<name>Emanuele Giuseppe Esposito</name>
<email>eesposit@redhat.com</email>
</author>
<published>2021-10-19T19:32:10+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-cloud-init.git/commit/?id=ee296ced9c0a61b1484d850b807c601bcd670ec1'/>
<id>urn:sha1:ee296ced9c0a61b1484d850b807c601bcd670ec1</id>
<content type='text'>
When default host keys are created by sshd-keygen (/etc/ssh/ssh_host_*_key)
in RHEL/CentOS/Fedora, openssh it performs the following:

# create new keys
if ! $KEYGEN -q -t $KEYTYPE -f $KEY -C '' -N '' &gt;&amp;/dev/null; then
        exit 1
fi

# sanitize permissions
/usr/bin/chgrp ssh_keys $KEY
/usr/bin/chmod 640 $KEY
/usr/bin/chmod 644 $KEY.pub
Note that the group ssh_keys exists only in RHEL/CentOS/Fedora.

Now that we disable sshd-keygen to allow only cloud-init to create
them, we miss the "sanitize permissions" part, where we set the group
owner as ssh_keys and the private key mode to 640.

According to https://bugzilla.redhat.com/show_bug.cgi?id=2013644#c8, failing
to set group ownership and permissions like openssh does makes the RHEL openscap
tool generate an error.

Signed-off-by: Emanuele Giuseppe Esposito eesposit@redhat.com

RHBZ: 2013644</content>
</entry>
<entry>
<title>docs: fix typo and include sudo for report bugs commands (#1022)</title>
<updated>2021-09-17T13:06:49+00:00</updated>
<author>
<name>Renan Rodrigo</name>
<email>renanrodrigo@canonical.com</email>
</author>
<published>2021-09-17T13:06:49+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-cloud-init.git/commit/?id=cb82a4508a4c56c3814fa633166d944762071bcf'/>
<id>urn:sha1:cb82a4508a4c56c3814fa633166d944762071bcf</id>
<content type='text'>
Remove a duplicate "a" in the docs, and change the bug reporting
documentation to tell users to run the commands with sudo.

LP: #1940236</content>
</entry>
<entry>
<title>Support configuring SSH host certificates. (#660)</title>
<updated>2020-11-20T20:59:51+00:00</updated>
<author>
<name>Jonathan Lung</name>
<email>lungj@users.noreply.github.com</email>
</author>
<published>2020-11-20T20:59:51+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-cloud-init.git/commit/?id=66b4be8b6da188a0667bd8c86a25155b6f4f3f6c'/>
<id>urn:sha1:66b4be8b6da188a0667bd8c86a25155b6f4f3f6c</id>
<content type='text'>
Existing config writes keys to /etc/ssh after deleting files matching
a glob that includes certificate files. Since sshd looks for
certificates in the same directory as the keys, a host certificate
must be placed in this directory. This update enables the certificate's
contents to be specified along with the keys.

Co-authored-by: jonathan lung &lt;lungj@heresjono.com&gt;
Co-authored-by: jonathan lung &lt;jlung@kepler.space&gt;</content>
</entry>
<entry>
<title>Update the list of valid ssh keys. (#487)</title>
<updated>2020-08-21T16:23:24+00:00</updated>
<author>
<name>Ole-Martin Bratteng</name>
<email>1681525+omBratteng@users.noreply.github.com</email>
</author>
<published>2020-08-21T16:23:24+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-cloud-init.git/commit/?id=c73ab5665469a28dec2995b2b15d3462b0a83c4b'/>
<id>urn:sha1:c73ab5665469a28dec2995b2b15d3462b0a83c4b</id>
<content type='text'>
Update ssh_util.py with latest list of keys (from openssh-8.3p1/sshkey.c),

Added keys:
sk-ecdsa-sha2-nistp256-cert-v01@openssh.com
sk-ecdsa-sha2-nistp256@openssh.com
sk-ssh-ed25519-cert-v01@openssh.com
sk-ssh-ed25519@openssh.com
ssh-xmss-cert-v01@openssh.com
ssh-xmss@openssh.com

LP: #1877869</content>
</entry>
<entry>
<title>Move subp into its own module. (#416)</title>
<updated>2020-06-08T16:49:12+00:00</updated>
<author>
<name>Scott Moser</name>
<email>smoser@brickies.net</email>
</author>
<published>2020-06-08T16:49:12+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-cloud-init.git/commit/?id=3c551f6ebc12f7729a2755c89b19b9000e27cc88'/>
<id>urn:sha1:3c551f6ebc12f7729a2755c89b19b9000e27cc88</id>
<content type='text'>
This was painful, but it finishes a TODO from cloudinit/subp.py.

It moves the following from util to subp:
  ProcessExecutionError
  subp
  which
  target_path

I moved subp_blob_in_tempfile into cc_chef, which is its only caller.
That saved us from having to deal with it using write_file
and temp_utils from subp (which does not import any cloudinit things now).

It is arguable that 'target_path' could be moved to a 'path_utils' or
something, but in order to use it from subp and also from utils,
we had to get it out of utils.</content>
</entry>
<entry>
<title>cloud-init: fix capitalisation of SSH (#126)</title>
<updated>2019-12-18T21:22:02+00:00</updated>
<author>
<name>Daniel Watkins</name>
<email>oddbloke@ubuntu.com</email>
</author>
<published>2019-12-18T21:22:02+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-cloud-init.git/commit/?id=8116493950e7c47af0ce66fc1bb5d799ce5e477a'/>
<id>urn:sha1:8116493950e7c47af0ce66fc1bb5d799ce5e477a</id>
<content type='text'>
* cc_ssh: fix capitalisation of SSH

* doc: fix capitalisation of SSH

* cc_keys_to_console: fix capitalisation of SSH

* ssh_util: fix capitalisation of SSH

* DataSourceIBMCloud: fix capitalisation of SSH

* DataSourceAzure: fix capitalisation of SSH

* cs_utils: fix capitalisation of SSH

* distros/__init__: fix capitalisation of SSH

* cc_set_passwords: fix capitalisation of SSH

* cc_ssh_import_id: fix capitalisation of SSH

* cc_users_groups: fix capitalisation of SSH

* cc_ssh_authkey_fingerprints: fix capitalisation of SSH
</content>
</entry>
<entry>
<title>doc: update cc_ssh clarify host and auth keys</title>
<updated>2019-12-18T20:58:25+00:00</updated>
<author>
<name>Joshua Powers</name>
<email>josh.powers@canonical.com</email>
</author>
<published>2019-12-18T20:58:25+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-cloud-init.git/commit/?id=d6fed57d82ac1dfa40dcdf166b0986f1c4321163'/>
<id>urn:sha1:d6fed57d82ac1dfa40dcdf166b0986f1c4321163</id>
<content type='text'>
* Add headers for Authorized and Host key sections, move the authorized
section up as it is probably more relevant.

LP: #1827021</content>
</entry>
</feed>
