cloud-init icon indicating copy to clipboard operation
cloud-init copied to clipboard
verified publisher icon canonical

fix: respect SSH key options for the root user

Open sbraz opened this issue 1 month ago • 2 comments

Proposed Commit Message

fix: respect SSH key options for the root user

When no user is provided in the datasource and root login is not
disabled, the root user is configured.
Before this fix, SSH key options passed in the key line were silently
ignored.
This is what happens:
* `apply_credentials` passes `options=""` to `setup_user_keys`:
  https://github.com/canonical/cloud-init/blob/25.3/cloudinit/config/cc_ssh.py#L257
* `setup_user_keys` receives the empty parameter and passes it to the
  `parse` function:
  https://github.com/canonical/cloud-init/blob/25.3/cloudinit/ssh_util.py#L463
* The `parse` function decides whether options from the key line need to
  be overridden by the `options` parameter. That's where the fix is
  required. Any falsy `options` parameter should be treated like `None`,
  otherwise options from the key line are ignored.

Fixes: GH-3868

Additional Context

The fix is the same as that from #871, with tests added.

Everything else is in the commit message which I'll repeat here to get working links: fix: respect SSH key options for the root user

When no user is provided in the datasource and root login is not disabled, the root user is configured. Before this fix, SSH key options passed in the key line were silently ignored. This is what happens:

  • apply_credentials passes options="" to setup_user_keys: https://github.com/canonical/cloud-init/blob/25.3/cloudinit/config/cc_ssh.py#L257
  • setup_user_keys receives the empty parameter and passes it to the parse function: https://github.com/canonical/cloud-init/blob/25.3/cloudinit/ssh_util.py#L463
  • The parse function decides whether options from the key line need to be overridden by the options parameter. That's where the fix is required. Any falsy options parameter should be treated like None, otherwise options from the key line are ignored.

Fixes: GH-3868

Test Steps

Run the test suite.

Merge type

  • [x] Squash merge using "Proposed Commit Message"
  • [ ] Rebase and merge unique commits. Requires commit messages per-commit each referencing the pull request number (#<PR_NUM>)

sbraz avatar Nov 25 '25 04:11 sbraz

Hello! Thank you for this proposed change to cloud-init. This pull request is now marked as stale as it has not seen any activity in 14 days. If no activity occurs within the next 7 days, this pull request will automatically close.

If you are waiting for code review and you are seeing this message, apologies! Please reply, tagging blackboxsw, and he will ensure that someone takes a look soon.

(If the pull request is closed and you would like to continue working on it, please do tag blackboxsw to reopen it.)

github-actions[bot] avatar Dec 10 '25 00:12 github-actions[bot]

Hi @blackboxsw, could you please look into this?

sbraz avatar Dec 10 '25 00:12 sbraz