Packer temporary keypair not removed from ~/.ssh/authorized_keys (AWS AMI) #3775
Labels: builder/amazon, invalid (Out of scope/alignment with the project, or issue is expected, intended behavior)
After I create an AMI with packer based on the Amazon Linux AMI, if I launch an instance of that AMI and ssh in, I'm seeing the temporary packer keypair in the ~/.ssh/authorized_keys file, which is a security hole. I was expecting that file to be deleted before the AMI was saved.
I was able to work around this by explicitly deleting ~/.ssh/authorized_keys in the packer template (details below).
Packer Version
Packer v0.10.0
Host platform
CentOS Linux release 7.2.1511 (Core)
Debug log output from PACKER_LOG=1 packer build template.json
Here is the packer output:
https://gist.github.com/tleyden/4cc13b530f08bcaef04f5233bf43daee
Sorry, I didn't do PACKER_LOG=1, but can re-run if necessary
The simplest example template and scripts needed to reproduce the bug
Template: https://github.com/couchbase/build/blob/2afdc7329faaa6a2f25befda59509b70a4a38349/scripts/jenkins/mobile/ami/sync-gateway.json
Script:
Using the Jenkins Packer plugin and passing variables into packer via:
Workaround
I added the following provisioner to the packer template:
and after launching the AMI, it only contained the key chosen in the AWS "launch instance" wizard, and not the packer temporary keypair.
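An added example, not part of the original issue and not Packer's own code: a check to run against an instance launched from the built AMI, listing every authorized_keys entry whose fingerprint is not on an expected list. The sample file, key blobs and comments are constructed, and the function names are hypothetical.

```python
import base64
import hashlib
import re

# keytype, base64 blob, optional comment; any leading options field is skipped.
KEY_RE = re.compile(
    r'(?:^|\s)((?:ssh-|ecdsa-sha2-|sk-)[\w@.-]+)\s+([A-Za-z0-9+/]+={0,2})(?:\s+(.*))?$')

def fingerprint(blob_b64):
    """SHA256 fingerprint in the form printed by `ssh-keygen -l`."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def unexpected_keys(authorized_keys_text, allowed_fingerprints):
    """Return (line_no, key_type, comment, fingerprint) for every entry
    whose fingerprint is not in allowed_fingerprints."""
    findings = []
    for line_no, line in enumerate(authorized_keys_text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = KEY_RE.search(line)
        if not m:
            # Report lines that cannot be parsed instead of ignoring them.
            findings.append((line_no, "unparsed", line, None))
            continue
        key_type, blob, comment = m.group(1), m.group(2), m.group(3) or ""
        fp = fingerprint(blob)
        if fp not in allowed_fingerprints:
            findings.append((line_no, key_type, comment, fp))
    return findings

def _constructed_key(seed):
    """Build a syntactically valid ed25519 blob from a seed (not a real key)."""
    body = b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20" + hashlib.sha256(seed).digest()
    return base64.b64encode(body).decode()

# Constructed sample: one leftover build-time key and the key chosen at launch.
BUILD_KEY = _constructed_key(b"build")
LAUNCH_KEY = _constructed_key(b"launch")
SAMPLE = (
    "# constructed sample authorized_keys\n"
    f"ssh-ed25519 {BUILD_KEY} build-time-temporary-key\n"
    f'no-pty,command="echo hi" ssh-ed25519 {LAUNCH_KEY} my-launch-key\n'
)

if __name__ == "__main__":
    for finding in unexpected_keys(SAMPLE, {fingerprint(LAUNCH_KEY)}):
        print("unexpected key:", finding)
```

Comparing fingerprints rather than comments avoids depending on how any tool names its temporary key pair.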