We are seeing the following logs on some systems where /dev/console is not functional. It basically leaks the ssh host keys into stdout and into the cloud-init logs:
1453 May 10 22:18:34 localhost cloud-init[1522]: Failed to write to /dev/console
1454 May 10 22:18:34 localhost cloud-init[1522]: ci-info: no authorized SSH keys fingerprints found for user cloud-user.
1455 May 10 22:18:34 localhost cloud-init[1522]: Failed to write to /dev/console
1456 May 10 22:18:34 localhost cloud-init[1522]: <14>May 10 22:18:34 cloud-init: #############################################################
1457 May 10 22:18:34 localhost cloud-init[1522]: <14>May 10 22:18:34 cloud-init: -----BEGIN SSH HOST KEY FINGERPRINTS-----
1458 May 10 22:18:34 localhost cloud-init[1522]: <14>May 10 22:18:34 cloud-init: 256 SHA256:wzIJ5JUdrY3w7yIN9i6Ysq7ZRtrRK/oNpOZNs3SgArQ root@minl-gating-9.2-0510-qcow2 (ECDSA)
1459 May 10 22:18:34 localhost cloud-init[1522]: <14>May 10 22:18:34 cloud-init: 256 SHA256:55cnZvUL/93WoOBq16GP1f7rPTK+b8RVc3rgjcLm+lA root@minl-gating-9.2-0510-qcow2 (ED25519)
1460 May 10 22:18:34 localhost cloud-init[1522]: <14>May 10 22:18:34 cloud-init: 3072 SHA256:mttp9XcdDjQ/cjYB6L27nuTmCwIzxxFIMFu8BEPjNbM root@minl-gating-9.2-0510-qcow2 (RSA)
1461 May 10 22:18:34 localhost cloud-init[1522]: <14>May 10 22:18:34 cloud-init: -----END SSH HOST KEY FINGERPRINTS-----
1462 May 10 22:18:34 localhost cloud-init[1522]: <14>May 10 22:18:34 cloud-init: #############################################################
1463 May 10 22:18:34 localhost cloud-init[1522]: -----BEGIN SSH HOST KEY KEYS-----
1464 May 10 22:18:34 localhost cloud-init[1522]: ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKhj+OIpx48WXNjKVovHTPbkcdSnogbuMEzX8Vtw+kjPY0kqHQaxcpuhQpIcXmFALVKLP9lRMkCqTf81y4AcF/E= root@minl-gating-9.2-0510-qcow2
1465 May 10 22:18:34 localhost cloud-init[1522]: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKxD/xwgiNBD0Bndeo1t7TDUtDv4EMF4dUraHjfrSJoT root@minl-gating-9.2-0510-qcow2
1466 May 10 22:18:34 localhost cloud-init[1522]: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCqZ5OxJJZplWjm66My+bEOYZtXdW5FmjsMV1zlH+GPMudg/pzxusb6iCQGwmNp014dhPZx2f4cdy0omqAoKBaykRqL+Jjn4es6h4cGZ2Xg/cweTSOVJ24r0pUPJvWe8wETEXYlm81Zw8irrdTQGYz6O5n0RdiZOj42ojs85p71jwPcENPBNpnkkZ+K2Igxg/pkXDwsGFtRZX3/4h2VoX1iVImGvY6GZa/8rTHQciMNfiAGCSgHmdV6YNypmOfJCRehna9oYDv5ZtPSkfqLd1zSnA0YPAptmQ5TcwmiHAzITUBDvQqdBp+xjcUq+G3ft3hYwBLrzvJRlAe7U7KvCnCTR3pQAGXkcUTJlQA2nD+QQPisb0dejScjmsRaqP9Obzvjy9J9C+gJFGwm5gqZRj5j4gQVuJI9zYOeH34hX87rXtW5vgr7eesvMCXnEIzZkY3r+fFgOqfgx/MAT+u2Rh0n0QjJzgS1mx1ZX7/GMY5+ljjQUFsYF3dRIuyy2vUu+M0= root@minl-gating-9.2-0510-qcow2
1467 May 10 22:18:34 localhost cloud-init[1522]: -----END SSH HOST KEY KEYS-----
This is due to the change #1340.
This is a potential security issue. Can this be fixed?
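One way to audit collected logs for the output shown in this report, as an added example that is not part of the original report or of cloud-init: it scans syslog-style lines for the `SSH HOST KEY KEYS` block and reports each key by type and SHA256 fingerprint instead of repeating the key material. The function names, the result fields and the sample lines are constructed for illustration.

```python
import base64
import hashlib
import re

# Syslog-style prefix as in the report: "... cloud-init[1522]: <message>"
LINE = re.compile(r"cloud-init\[(?P<pid>\d+)\]: (?P<msg>.*)$")
BEGIN = "-----BEGIN SSH HOST KEY KEYS-----"
END = "-----END SSH HOST KEY KEYS-----"
CONSOLE_FAIL = "Failed to write to /dev/console"


def fingerprint(blob_b64):
    """OpenSSH-style SHA256 fingerprint, so findings need not repeat the key."""
    try:
        raw = base64.b64decode(blob_b64, validate=True)
    except ValueError:
        return "unparseable"  # e.g. a blob broken by line wrapping
    digest = hashlib.sha256(raw).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def find_leaked_host_keys(lines):
    """Return one finding per key line printed inside a KEYS block."""
    findings, in_block, failed_pids = [], False, set()
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        pid, msg = m["pid"], m["msg"].strip()
        if msg == CONSOLE_FAIL:
            failed_pids.add(pid)  # this process fell back from /dev/console
        elif msg in (BEGIN, END):
            in_block = msg == BEGIN
        elif in_block and len(msg.split()) >= 2:
            key_type, blob = msg.split()[:2]
            findings.append({"type": key_type, "fingerprint": fingerprint(blob),
                             "console_write_failed": pid in failed_pids})
    return findings


# Constructed sample input (not real keys), shaped like the log in the report.
SAMPLE_BLOB = base64.b64encode(b"constructed-host-key").decode()
PREFIX = "May 10 22:18:34 localhost cloud-init[1522]: "
SAMPLE = [PREFIX + msg for msg in (
    CONSOLE_FAIL, BEGIN,
    "ssh-ed25519 " + SAMPLE_BLOB + " root@example",
    "ssh-rsa AAAA*broken root@example",
    END,
)]
```
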