Bug 1957532 - [cloud-init] From RHEL 82+ cloud-init no longer displays sshd keys fingerprints from instance launched from a backup image
Keywords:
Status: CLOSED ERRATA
Alias: None
Deadline: 2021-07-19
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: cloud-init
Version: 8.2
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: beta
: ---
Assignee: Emanuele Giuseppe Esposito
QA Contact: xiachen
Jiri Herrmann
URL:
Whiteboard:
Depends On:
Blocks: 1963981 1888761 1963982 1970909
Reported: 2021-05-06 00:41 UTC by David Sedgmen
Modified: 2021-11-10 01:32 UTC

Fixed In Version: cloud-init-21.1-2.el8
Doc Type: Bug Fix
Doc Text:
.SSH keys are now generated correctly on EC2 instances created from a backup AMI
Previously, when creating a new Amazon EC2 instance of RHEL 8 from a backup Amazon Machine Image (AMI), `cloud-init` deleted existing SSH keys on the VM but did not create new ones. Consequently, the VM in some cases could not connect to the host. This problem has been fixed for newly created RHEL 8.5 VMs. For VMs that were upgraded from RHEL 8.4 or earlier, you must work around the issue manually. To do so, edit the `cloud.cfg` file and change the `ssh_genkeytypes: ~` line to `ssh_genkeytypes: ['rsa', 'ecdsa', 'ed25519']`. This makes it possible for SSH keys to be deleted and generated correctly when provisioning a RHEL 8 VM in the described circumstances.
Clone Of:
: 1963981 1963982 1970909
Environment:
Last Closed: 2021-11-09 18:48:55 UTC
Type: Bug
Target Upstream Version:


Attachments
cloud-init-19.4-11.el8.3.esposem202105211009.noarch.log (363.43 KB, text/plain)
2021-05-24 13:58 UTC, Frank Liang


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2021:4294 0 None None None 2021-11-09 18:49:54 UTC
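
The Doc Text workaround as a repeatable check, added here as an example (not code from this bug report or from cloud-init): it rewrites the `ssh_genkeytypes: ~` line to the list given in the Doc Text and reports which of those key types still have no host key. The function names and the sample file contents are assumptions of the example.

```shell
#!/bin/sh
# Added example: not Red Hat's or cloud-init's code; function names are hypothetical.

# True when the file still carries the affected line "ssh_genkeytypes: ~".
genkeytypes_is_null() {
    grep -Eq '^[[:space:]]*ssh_genkeytypes:[[:space:]]*~[[:space:]]*$' "$1"
}

# Apply the Doc Text workaround in place, keeping the original as <file>.bak.
# Returns 1 when the affected line is absent, so a fixed file is left untouched.
apply_workaround() {
    genkeytypes_is_null "$1" || return 1
    cp -p "$1" "$1.bak" || return 2
    sed -E "s/^([[:space:]]*ssh_genkeytypes:)[[:space:]]*~[[:space:]]*\$/\\1 ['rsa', 'ecdsa', 'ed25519']/" \
        "$1.bak" > "$1"
}

# Print each key type from the workaround list that has no host key in dir $1
# (standard OpenSSH file names: ssh_host_<type>_key).
missing_hostkeys() {
    for kt in rsa ecdsa ed25519; do
        [ -s "$1/ssh_host_${kt}_key" ] || printf '%s\n' "$kt"
    done
}

# Demo on a constructed cloud.cfg fragment and an empty host-key directory.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'ssh_deletekeys: 1' 'ssh_genkeytypes: ~' 'syslog_fix_perms: ~' \
        > "$d/cloud.cfg"
    apply_workaround "$d/cloud.cfg" && grep '^ssh_genkeytypes' "$d/cloud.cfg"
    echo "key types without a host key: $(missing_hostkeys "$d" | tr '\n' ' ')"
    rm -rf "$d"
}

# With arguments: <cloud.cfg path> [host key dir]; without: run the demo.
if [ $# -ge 1 ]; then
    apply_workaround "$1" || echo "no change made to $1"
    missing_hostkeys "${2:-/etc/ssh}"
else
    demo
fi
```

Run against a real system, the first argument is the path to `cloud.cfg` and the optional second argument is the host key directory.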

Comment 6 Masahiro Matsuya 2021-05-10 09:42:08 UTC
I'm working on a customer case with the same problem.

In /lib/systemd/system/cloud-init.service:

 [Unit]
 Wants=sshd-keygen.service
 Before=sshd-keygen.service

sshd-keygen.service doesn't exist. I think it should use the following existing systemd units.


 [Unit]
 Wants=sshd-keygen.target

 Before=sshd-keygen@rsa.service
 Before=sshd-keygen@ed25519.service
 Before=sshd-keygen@ecdsa.service

Comment 7 John Ferlan 2021-05-14 18:59:13 UTC
Assigned to Rick for initial triage per bz process and age of bug created or assigned to virt-maint without triage.

Comment 32 Frank Liang 2021-05-24 13:58:35 UTC
Created attachment 1786392
cloud-init-19.4-11.el8.3.esposem202105211009.noarch.log

Comment 55 xiachen 2021-06-21 02:05:59 UTC
Tested cloud-init-21.1-2.el8, PASS.

Comment 56 xiachen 2021-07-12 05:59:32 UTC
Move to VERIFIED based on comment#55.

Comment 66 errata-xmlrpc 2021-11-09 18:48:55 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (cloud-init bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2021:4294

