[SRU] ssh root login broken

Bug #234062 reported by Soren Hansen
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| ubuntu-vm-builder (Ubuntu) | Fix Released | Undecided | Unassigned | |
| Hardy | Fix Released | Undecided | Unassigned | |

Bug Description

Binary package hint: ubuntu-vm-builder

Due to the way the security update locked the root account, ssh root logins are now not working. It uses "chpasswd -l", but the way the installer does it is using chpasswd to just set root's password to an invalid one, but without actually locking the account.

To test:
1. Create a vm adding "--ssh-key ~/.ssh/id_rsa.pub" to the command line.
2. Start the vm.
3. ssh root@virtualmachine

If it works, it works.
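
Added example (not part of the bug report or of ubuntu-vm-builder): a shell check that tells a shadow entry with only an invalid password apart from one whose account is also disabled, the distinction the description draws. It assumes the lock shows up as an expiry date in the entry's eighth field and that sshd runs with PAM; the function names and sample entries are constructed.

```sh
#!/bin/sh
# Classify one /etc/shadow line by how it restricts logins.
# Field layout: name:hash:lastchg:min:max:warn:inactive:expire:reserved
# $1 = shadow line; $2 = "today" in days since 1970-01-01 (defaults to now).
# Assumption: sshd uses PAM, so an invalid password blocks password logins only.
classify_shadow_entry() {
    cse_today=${2:-$(( $(date +%s) / 86400 ))}
    IFS=: read -r cse_name cse_hash cse_x cse_x cse_x cse_x cse_x cse_expire cse_x <<EOF
$1
EOF
    # An expiry date at or before today disables the whole account: the
    # account check refuses every login method, SSH public keys included.
    case $cse_expire in
        ''|*[!0-9]*) ;;   # empty or non-numeric: no expiry set
        *) if [ "$cse_expire" -le "$cse_today" ]; then
               echo "$cse_name account-expired"; return 0
           fi ;;
    esac
    # Otherwise only the password field decides, and it governs password
    # logins only; key-based logins still pass the account check.
    case $cse_hash in
        '')        echo "$cse_name no-password" ;;
        '!'*|'*'*) echo "$cse_name password-disabled" ;;
        *)         echo "$cse_name password-usable" ;;
    esac
}

# Succeeds (exit 0) when an SSH public-key login can pass the account check.
key_login_possible() {
    case $(classify_shadow_entry "$1" "$2") in
        *' account-expired') return 1 ;;
        *) return 0 ;;
    esac
}

# Constructed sample entries (not taken from a real system).
INVALID_PW='root:!:14000:0:99999:7:::'   # invalid password, no expiry
LOCKED='root:!:14000:0:99999:7::1:'      # invalid password and expired on day 1

for entry in "$INVALID_PW" "$LOCKED"; do
    classify_shadow_entry "$entry" 14000
done
```

Run against the `etc/shadow` of a freshly built image, an `account-expired` result for root explains a key login that is refused even though `authorized_keys` is in place.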

Soren Hansen (soren) wrote :
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ubuntu-vm-builder - 0.6

---------------
ubuntu-vm-builder (0.6) intrepid; urgency=low

  * Release into Ubuntu proper.

ubuntu-vm-builder (0.5ubuntu1~ppa4) intrepid; urgency=low

  [Loic Minier]
  * Call sh -c "$EXEC_SCRIPT" instead of "$EXEC_SCRIPT"; allows to pass
    arguments to the script; also remove check that EXEC_SCRIPT exists.

  [Nick Barcet]
  * Adding an error handler to fix LP: #217950
  * Lots of sanitization to allow for error handler
  * Add an interrupt handler to cleanup if user interrupts script
  * Stop on error in user script to fix LP: #228675
  * --ssh-key adds key to root and --ssh-user-key adds key to user
  * Added --raw option to install on raw devices/files.
    WARNING: the variables used in template files for disk definition have been
    modified. Please insure that locally created templates are updated to
    reflect this change.
  * Add --firstboot and --firstlogin options
  * First login always execute "sudo dpkg-reconfigure console-setup" so
    that the local keyboard setting is taken into account.
  * Adding the --iso parameter to create image from an iso. This requires
    suite and kernel-flavour parameters to match what is available on the iso,
    obviously.
  * Include hostname in default destination directory if defined
  * Do not use a tmpfs by default anymore
  * Place the working directory in the same directory as dest if using --tmp -
  * Added --tmpfs option to specify usage of a tmpfs for the working directory
  * VM specific parameters do not need to be the last ones anymore
  * Unknown parameters now return an error and prints usage
  * Added --overwrite for overwriting of destination directory and libvirt
    domain
  * Added ~/.ubuntu-vm-builder config handling
  * Man page improvements and reorganization

  [Soren Hansen]
  * Fix for LP: #234062 ssh root login broken

ubuntu-vm-builder (0.4ubuntu2~ppa7) hardy; urgency=low

  [ Michael Vogt ]
  * patch the way do_avoid_starting_daemons() to write a policy-rc.d file in
    the same way as pbuilder does (LP: #228372)

  [ Nick Barcet ]
  * Lock the root account by default (LP: #230291)
  * Add ssh keys to the user account and not to root (LP: #230291)
  * Added function do_copy_settings to fix bug LP: #221231
  * Fix missing ipv6 entries in host file (LP: #230299)
  * Fix issue with template arguments fetching (LP: #228268)
  * Create the /etc/apt/sources.list properly (LP: #218195)
  * Use a tmpfs for $WORKINGDIR to avoid case when file system is mounted
    with no suid (LP: #228744)
  * Unproper letters variable initialization (LP: #230312)
  * Option --net failed other than for Class C (LP: #232361)

  [ Loic Minier ]
  * Fix v / --verbose getopt parsing. (LP: #230319)
  * Compute the default ARCH with dpkg --print-architecture. (LP: #230323)
  * Add support for lpia.
    - Allow lpia arch, lpia and lpiacompat kernel flavours.
    - Use http://ports.ubuntu.com/ubuntu-ports as default mirror for lpia.
    - Update help/documentation.
  * Check Release files against the archive keyring; depend on ubuntu-keyring.
    (LP: #230334)

 -- Soren Hansen <email address hidden> Wed, 28 May 2008 11:36:02 +0200

Changed in ubuntu-vm-builder:
status: New → Fix Released
Martin Pitt (pitti) wrote :

Accepted into -proposed, please test and give feedback here

Changed in ubuntu-vm-builder:
status: New → Fix Committed
Michael Vogt (mvo) wrote :

The following change is part of the update from 0.1 to 0.2:

 --ssh-key Add the given ssh public key file (absolute path)
- to root's authorized keys and install openssh-server
+ to user's authorized keys and install openssh-server
                    (WARNING: this has strong security implications)
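
Review bot: Reusing the --ssh-key name in the help text for a different target account is a silent behaviour change: invocations that relied on the key landing in root's authorized keys keep running without error but no longer grant root key login. Add a separately named option for the user's key and leave --ssh-key as it was, record the change in the changelog, and have the retained "(WARNING: this has strong security implications)" line say which account receives the key.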
...
        fi
        # we have a key, add it
        chroot root apt-get install --force-yes -y openssh-server
- mkdir root/root/.ssh
- cp "$SSHKEY" root/root/.ssh/authorized_keys
+ mkdir root/home/$VMUSER/.ssh
+ cp "$SSHKEY" root/home/$VMUSER/.ssh/authorized_keys
+ chroot root chown -R $VMUSER:$VMUSER /home/$VMUSER/.ssh
+}
+
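
Review bot: $VMUSER is expanded unquoted in the added mkdir, cp and chown lines, and nothing sets the modes of the new .ssh directory or of authorized_keys, so both depend on the builder's umask. Quote the variable, and chmod the directory to 700 and the file to 600 before the chown; sshd's StrictModes check ignores an authorized_keys file whose path is writable by group or others.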

I don't think it is part of this bugfix in particular, but this breaks the behavior between the version of ubuntu-vm-builder in hardy and the behavior of the version in hardy-proposed and is IMHO unsuitable for a SRU.

I also couldn't find an entry in the changelog of 0.1 to 0.2 that indicates this change. The upload breaks ssh login for me.

Thanks,
 Michael

Martin Pitt (pitti) wrote :

Copied to hardy-updates.

Changed in ubuntu-vm-builder (Ubuntu Hardy):
status: Fix Committed → Fix Released