rssLink RSS for all categories
 
icon_red
icon_green
icon_green
icon_red
icon_red
icon_green
icon_green
icon_red
icon_red
icon_red
icon_green
icon_green
icon_green
icon_orange
icon_green
icon_orange
icon_blue
icon_orange
icon_red
icon_red
icon_green
icon_red
icon_green
icon_red
icon_orange
icon_green
icon_green
icon_green
icon_green
icon_green
icon_green
icon_green
icon_green
 

FS#42771 — temporary SSH key

Attached to Project— Distributions et OS
Amélioration
Linux
CLOSED
100%
For the following OS a temporary SSH key used during image creation may remain in autorized_keys file :

Baremetal Servers installation :

Debian 10 : between 2019-12-09 and 2020-01-30
Fedora 30 : between 2020-01-24 and 2020-01-30
Fedora 31 : between 2020-01-29 and 2020-01-30
Proxmox 6 : between 2019-09-23 and 2020-01-30


Public Cloud images :

Centos 7 - Analytics - Ambari pre-warmed
Centos 7 - Analytics - Base image
Centos 7 - Analytics - Guacamole
Centos 7 - Analytics - Kerberos
Centos 7 - Analytics - MySql
NVIDIA GPU Cloud (NGC)


This key is a temporary key generated during image creation and deleted after each build.


Technical detail about image build process :

We use www.packer.io to build images for baremetal and PCI.

For the impacted OS we rely on the builder "openstack" that generates a temporary SSH key to boot and customize the image.

This key is added to /root/.ssh/authorized_keys but by default not purged by packer :

see option : https://www.packer.io/docs/builders/openstack.html#ssh_clear_authorized_keys

"If true, Packer will attempt to remove its temporary key from ~/.ssh/authorized_keys and /root/.ssh/authorized_keys. This is a mostly cosmetic option, since Packer will delete the temporary private key from the host system regardless of whether this is set to true"

The security is not impacted as is key is never stored.

Date:  Tuesday, 04 February 2020, 16:36PM
Reason for closing:  Done