=== rcj is now known as Guest61804 | ||
=== Wulf4 is now known as Wulf | ||
beaver6675 | Hi | 08:44 |
---|---|---|
beaver6675 | ssh_authorized_keys is adding to /root, but disabling only one of the two keys... | 08:44 |
beaver6675 | ...with "echo 'Please login as the user \"centos\" rather than the user | 08:45 |
beaver6675 | Should it disable all the keys? | 08:45 |
beaver6675 | The keys are correctly added to the default user which is centos (on CentOS7 / cloud-init 0.7.5) | 08:46 |
beaver6675 | root seems to get a malformed authorized_key file | 08:48 |
beaver6675 | Line #1: no-port-forwarding...Please login as the user...<KEY1> | 08:48 |
beaver6675 | Line #2: <KEY2> | 08:48 |
beaver6675 | Should the lines get the "no-port-forwarding...Please login as the user..." prefix? | 08:49 |
beaver6675 | I meant: Shouldn't all the lines... | 08:50 |
Wulf | beaver6675: why would you need disabled keys at all? | 08:55 |
beaver6675 | The authorized_keys are meant for the centos/cloud-user default user | 09:00 |
beaver6675 | but cloud-init seems to copy the keys to root anyway... | 09:01 |
beaver6675 | and disables the login using the prefix command... | 09:01 |
beaver6675 | but it only added the prefix command to one of the keys... | 09:02 |
beaver6675 | ...so it happened that the second key could be used to login to the root user... | 09:02 |
beaver6675 | To be clearer: all the ssh_authorized_keys were added correctly to the default user... | 09:03 |
beaver6675 | however the keys were also copied to the root user, and supposedly disabled with a prefix command | 09:03 |
beaver6675 | which echoed the message Please login as user centos instead of user root | 09:04 |
beaver6675 | However one of the keys copied to /root/.ssh/authorized_keys was not disabled with this technique | 09:04 |
Wulf | beaver6675: I think that the keys should not be copied to the root user. | 09:06 |
beaver6675 | Seems to be a bug...the key was an ECDSA key so the prefix was not prepended... | 09:52 |
beaver6675 | With two DSA keys, /root/.ssh/authorized looks correct now. | 09:52 |
bechampion | hey all | 21:34 |
bechampion | im struggling hard with an issue | 21:34 |
bechampion | im putting a dumb script on user-data on ec2 , something like " #!/bin/bash touch /tmp/test" | 21:34 |
bechampion | but it seems to run it only sometimes | 21:35 |
bechampion | im sure im missing something about how to "sysprep" a default ami | 21:35 |
bechampion | im using a custom ami (that came from a 14.04 ami ) but im reading that there's some stuff that i have to remove | 21:48 |
smoser | bechampion, you shouldn't have to remove anything. | 22:40 |
smoser | but it will only run once "per-instance" by default. | 22:41 |
smoser | you can change that to run "always" (every boot). but normally that's probably not what you want. | 22:41 |
bechampion | thanks , is it run by root? | 23:02 |
bechampion | cause im running an s3cmd but it doesn't log out nothing ... | 23:02 |