[Compute] Incorrect permissions assigned private ssh key when creating a Linux VM #16843
Comments
dcaro
added
bug
ghost
removed
the
needs-triage
dcaro
added
Compute - VM
Service Attention
|
Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @Drewm3, @avirishuv. Issue DetailsDescriptionThe ssh private key created when running a command like the following one is saved with incorrect permissions. ssh is expecting permissions to be 600 for the .ssh/privatekey but on MacOs or cloudshell, the file has a 644 permission. Depending on the OS on which this cmdlet is used, the permissions should be adjusted accordingly. Issue script & Debug outputPS /home/damien> ssh -i /home/damien/.ssh/1234567890 azureuser@linuxvm2-31e243.westus.cloudapp.azure.com
load pubkey "/home/damien/.ssh/1234567890": invalid format
The authenticity of host 'linuxvm2-31e243.westus.cloudapp.azure.com (137.135.9.228)' can't be established.
ECDSA key fingerprint is SHA256:xxxxxxxxx.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'linuxvm2-31e243.westus.cloudapp.azure.com,137.135.9.228' (ECDSA) to the list of known hosts.
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for '/home/damien/.ssh/1234567890' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Load key "/home/damien/.ssh/1234567890": bad permissions
[email protected]: Permission denied (publickey).Environment dataName Value
---- -----
PSVersion 7.2.1
PSEdition Core
GitCommitId 7.2.1
OS Linux 5.4.0-1065-azure #68~18.04.1-Ubuntu SMP Fri Dec 3 14:08:44 UTC 2021
Platform Unix
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
WSManStackVersion 3.0Module versionsThe environment is cloudshell.Error outputNo response
|
|
hi @oriwolman could you please take a look at this issue? |
|
Looking into this issue. |
|
Still investigating this fix |
|
@Sandido will be looking into this. |
|
I will be looking into this. |
|
@haagha Do you have an update on this item? |
|
Moving Jayla's issues over to me. |
|
I am working with the dev team to get this picked up. |
|
@haagha, should this update be in the current cmdlets now? If not, then when should the fix be available? |
|
@Drewm3 This should be available in the September release. |
|
Please note that this issue did not make the September release. It is now expected to be part of the October release. |
|
This will be released in the Nov release of PowerShell cmdlets because there was no October release. |
|
Feature was released, closing this item. |
Description
The ssh private key created when running a command like the following one is saved with incorrect permissions.
New-AzVM -name LinuxVM -ResourceGroupName "linuxvm" -Image UbuntuLTS -PublicIpAddressName linuxvmip-SshKeyName linuxvmsshkey -GenerateSshKey -Credential $credssh is expecting permissions to be 600 for the .ssh/privatekey but on MacOs or cloudshell, the file has a 644 permission.
Depending on the OS on which this cmdlet is used, the permissions should be adjusted accordingly.
https://github.com/Azure/azure-powershell/blob/main/src/Compute/Compute/Usage/NewAzureSshKey.cs#L78
Issue script & Debug output
Environment data
Module versions
Error output
No response
The text was updated successfully, but these errors were encountered: