change, and make configurable the prefix for entries in root authorized_keys

This makes the prefix for entries added to root's authorized keys 
configurable.  Previously, the value was:
   command="echo 'Please login as the user \"ubuntu\" rather than the user \"root\".\';echo;sleep 10\""

Now, at is configurable in cloud.cfg or user data by setting
'root_disabled_opts'.

Additionally, the default has been changed to include 
'no-port-forwarding,no-agent-forwarding,no-X11-forwarding'
See LP: #798505 for more information on that.

Note, that 'no-pty' was *not* added to this list as adding it means the
user who simply does 'ssh root@host' gets a "cannot allocate pty" message
rather than seeing warning about using root.

LP: #798505

1 files changed, 9 insertions, 0 deletions

diff --git a/doc/examples/cloud-config.txt b/doc/examples/cloud-config.txt
index e1ccf9f5..b72cab48 100644
--- a/doc/examples/cloud-config.txt
+++ b/doc/examples/cloud-config.txt
@@ -271,6 +271,15 @@ byobu_by_default: system
 # default: true
 disable_root: false
 
+# disable_root_opts: the value of this variable will prefix the
+# respective key in /root/.ssh/authorized_keys if disable_root is true
+# see 'man authorized_keys' for more information on what you can do here
+#
+# The string '$USER' will be replaced with the username of the default user
+#
+# disable_root_opts: no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command="echo 'Please login as the user \"$USER\" rather than the user \"root\".';echo;sleep 10"
+
+
 # set the locale to a given locale
 # default: en_US.UTF-8
 locale: en_US.UTF-8