1082636 – SSH injection via cloud-init UI goes to root instead of creating cloud-user

Bug 1082636 - SSH injection via cloud-init UI goes to root instead of creating cloud-user

Summary: SSH injection via cloud-init UI goes to root instead of creating cloud-user

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Virtualization Manager
Classification:	Red Hat
Component:	ovirt-engine
Sub Component:
Version:	3.3.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	medium
Target Milestone:	---
Target Release:	3.3.3
Assignee:	Shahar Havivi
QA Contact:	Pavel Novotny
Docs Contact:
URL:
Whiteboard:	virt
Depends On:	1063518
Blocks:
TreeView+	depends on / blocked

Reported:	2014-03-31 14:24 UTC by rhev-integ
Modified:	2014-05-27 09:07 UTC (History)
CC List:	17 users (show)
Fixed In Version:	org.ovirt.engine-root-3.3.0-51
Doc Type:	Bug Fix
Doc Text:	Previously, users were asked to change the root password on virtual machines during their first run even if the root password had been set using the Cloud-Init feature. Users were prompted to log in to virtual machines as the root user to open SSH sessions to the virtual machine when the virtual machine had been initialized using Cloud-Init. Cloud-Init logic has been updated and users are no longer prompted to change the root password or to log in as root.
Clone Of:	1063518
Environment:
Last Closed:	2014-05-27 09:07:47 UTC
oVirt Team:	---
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2014:0547	0	normal	SHIPPED_LIVE	rhevm 3.3.3 bug fix update	2014-05-27 13:07:15 UTC
oVirt gerrit	26389	0	None	None	None	Never

Comment 1 Sandro Bonazzola 2014-04-09 12:56:22 UTC

All referenced patches have been merged, shouldn't this be on modified?

Comment 3 Pavel Novotny 2014-05-02 14:46:57 UTC

Verified in rhevm-3.3.3-0.51.el6ev.noarch (is36).

SSH public key authentication:
Works fine now for the root user.

In GUI, I put the client's (mine) public SSH key to the run once dialog, checked "Regenerate System SSH Keys" and started the guest.
When the guest was up, I logged in via SSH:
-~-
$ ssh root.30.40
The authenticity of host '10.20.30.40 (10.20.30.40)' can't be established.
ECDSA key fingerprint is 90:26:ac:f4:fa:5f:5d:35:d5:bb:46:1a:2c:c9:ea:02.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.20.30.40' (ECDSA) to the list of known hosts.
Last login: Fri May  2 16:37:27 2014
[root@f19 ~]#
-~-

Resetting the password:
Now there is no message which forces the root user to change the password.

In GUI, I set the root password in the run once dialog and then started the guest.
When the guest was up, I logged in via SSH:
-~-
$ ssh root.60.78
root.60.78's password: 
Last login: Fri May  2 16:38:07 2014
[root@f19 ~]# 
-~-

Comment 5 errata-xmlrpc 2014-05-27 09:07:47 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2014-0547.html

Note You need to log in before you can comment on or make changes to this bug.