buildkite / elastic-ci-stack-for-aws

An auto-scaling cluster of build agents running in your own AWS VPC
https://buildkite.com/docs/quickstart/elastic-ci-stack-aws
MIT License

Test/verify OS PR to Elastic Stack - clearing SSH keys #1316

Closed 123sarahj123 closed 2 months ago

123sarahj123 commented 2 months ago

This PR is verifying the changes / fix for: https://github.com/buildkite/elastic-ci-stack-for-aws/pull/1312 -> https://github.com/buildkite/elastic-ci-stack-for-aws/issues/1311 raised by Gezi-lzq

@patrobinson and I have:

A big thank you to Gezi-lzq for raising this and for your contribution! We really appreciate it :) It was easier to open up this branch to get it merged.

Describe the bug

The SSH key generated by Packer for provisioning is not being completely removed from the authorized_keys file. This issue was believed to have been addressed in Issue #544 but persists due to the key's presence in the root account's authorized_keys, not just the ec2-user. This incomplete removal contravenes the security policies intended for AMIs.

Steps To Reproduce

To observe the behavior indicative of this issue, one can follow these steps:

Use Packer to provision an AMI.

Access the provisioned instance. Navigate to the ~/.ssh/authorized_keys file for both ec2-user and root. Notice the Packer-generated SSH key remains in the root's authorized_keys.

Expected behavior

The expected behavior was that all Packer-generated SSH keys would be removed from all authorized_keys files (including both ec2-user and root accounts) upon the completion of the provisioning process, leaving no residual keys behind.

Actual behaviour

The actual behavior observed was that while the Packer-generated SSH key was removed from the ec2-user's authorized_keys file, it remained in the root's authorized_keys file, posing a potential security risk.

Solution Approach

To effectively address this issue, it is recommended to leverage the ssh_clear_authorized_keys feature, enabling Packer to automatically remove its temporary SSH key.

Reference: https://developer.hashicorp.com/packer/docs/communicators/ssh

ssh_clear_authorized_keys (bool) - If true, Packer will attempt to remove its temporary key from ~/.ssh/authorized_keys and /root/.ssh/authorized_keys. This is a mostly cosmetic option, since Packer will delete the temporary private key from the host system regardless of whether this is set to true (unless the user has set the -debug flag). Defaults to "false"; currently only works on guests with sed installed.

(As a newcomer to open source, I found the previous issue while searching for a Packer solution, realizing the fix might be incorrect. This prompted me to submit this issue for reassessment.)
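A post-build check for the two locations the issue names, as an added example that is not part of elastic-ci-stack-for-aws or of Packer: it looks for the Packer temporary public key in both ec2-user's and root's authorized_keys, comparing entries on key type and blob only, so a different trailing comment or an options prefix on the root copy cannot hide it. The key material in demo() is constructed, and the fixed paths in check_ami_keys are an assumption about the AMI layout.

```sh
#!/bin/sh
# Post-provisioning check for the residual Packer key described in the issue.
# Added example, not part of elastic-ci-stack-for-aws or Packer. The key
# material in demo() is constructed, not Packer's real temporary key.

# residual_key_files PUBKEY_FILE AUTHORIZED_KEYS...
# Prints every authorized_keys file that still holds the public key stored in
# PUBKEY_FILE. Entries are compared on "type blob" only, so a different trailing
# comment on the root copy cannot hide it. Returns 1 if any file matched.
residual_key_files() {
    want=$(awk '{ print $1, $2; exit }' "$1"); shift
    found=0
    for f in "$@"; do
        [ -r "$f" ] || continue          # no file means no key, not a failure
        if awk -v want="$want" '
                { for (i = 1; i < NF; i++) if (($i " " $(i+1)) == want) hit = 1 }
                END { exit !hit }' "$f"; then
            echo "$f"
            found=1
        fi
    done
    return $found
}

# check_ami_keys PUBKEY_FILE: the two locations the issue names, for use on a
# booted instance before the AMI is published (paths assumed, not verified).
check_ami_keys() {
    residual_key_files "$1" /home/ec2-user/.ssh/authorized_keys /root/.ssh/authorized_keys
}

# demo: rebuild the reported state in a temp dir (ec2-user cleaned, root not)
# and run the check against it; returns 1 because the root copy is still there.
demo() {
    d=$(mktemp -d)
    key='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFAKEFAKEFAKEFAKEFAKEFAKEFAKEFAKEFAKE'
    printf '%s packer\n' "$key" > "$d/packer.pub"
    printf 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOTHERKEYOTHERKEYOTHERKEY ops@example\n' \
        > "$d/ec2-user_keys"
    { cat "$d/ec2-user_keys"; printf '%s root-copy\n' "$key"; } > "$d/root_keys"
    residual_key_files "$d/packer.pub" "$d/ec2-user_keys" "$d/root_keys"
    drc=$?
    rm -rf "$d"
    return $drc
}

case ${1-} in
    demo)  demo ;;
    check) check_ami_keys "$2" ;;
esac
```

Run with `demo` to see the reported state reproduced, or with `check /path/to/packer.pub` on a booted instance to fail the build when either file still holds the key.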