What were you trying to do that didn't work?
The group ssh_keys is used to set the group name for /etc/ssh/ssh_host*key, but the group ssh_keys is missing in rhel-10, so setting the /etc/ssh/ssh_host*key group to ssh_keys failed.
Here is the failure info in the cloud-init.log:
—
2024-04-28 08:41:26,689 - subp.py[DEBUG]: Running command ['ssh-keygen', '-t', 'rsa', '-N', '', '-f', '/etc/ssh/ssh_host_rsa_key'] with allowed return codes [0] (shell=False, capture=True)
2024-04-28 08:41:26,911 - subp.py[DEBUG]: command ['ssh-keygen', '-t', 'rsa', '-N', '', '-f', '/etc/ssh/ssh_host_rsa_key'] took 0.2s to run
2024-04-28 08:41:26,912 - util.py[DEBUG]: Group ssh_keys is not a valid group name
2024-04-28 08:41:26,912 - util.py[DEBUG]: Restoring selinux mode for /etc/ssh (recursive=True)
2024-04-28 08:41:26,919 - subp.py[DEBUG]: Running command ['ssh-keygen', '-t', 'ecdsa', '-N', '', '-f', '/etc/ssh/ssh_host_ecdsa_key'] with allowed return codes [0] (shell=False, capture=True)
2024-04-28 08:41:26,926 - util.py[DEBUG]: Group ssh_keys is not a valid group name
2024-04-28 08:41:26,926 - util.py[DEBUG]: Restoring selinux mode for /etc/ssh (recursive=True)
2024-04-28 08:41:26,930 - subp.py[DEBUG]: Running command ['ssh-keygen', '-t', 'ed25519', '-N', '', '-f', '/etc/ssh/ssh_host_ed25519_key'] with allowed return codes [0] (shell=False, capture=True)
2024-04-28 08:41:26,935 - util.py[DEBUG]: Group ssh_keys is not a valid group name
—
The root should be ssh_keys in the output below:
$ ls -l /etc/ssh/ssh_host*key | awk '{print $1,$4,$9}'
Please provide the package NVR for which bug is seen:
cloud-init-24.1.4-2.el10.noarch
RHEL-10.0-20240411.13
How reproducible:
100%
Steps to reproduce
1. Deploy VM with cloud-init
2. Check the /etc/ssh/ssh_host*key group
Expected results
The /etc/ssh/ssh_host*key group should be ssh_keys
Actual results
The /etc/ssh/ssh_host*key group is root
$ ls -l /etc/ssh/ssh_host*key | awk '{print $1,$4,$9}'
rw------ root /etc/ssh/ssh_host_ecdsa_key
rw------ root /etc/ssh/ssh_host_ed25519_key
rw------ root /etc/ssh/ssh_host_rsa_key
Additional Info
No such issue in rhel-9.5, where the group ssh_keys exists:
$ getent group | grep ssh_keys
ssh_keys:x:995: