** Description changed: [Impact] New upstream release of the package providing SSH access to instances; available to any AWS users. The most notable new feature is supporting Instance Metadata Service Version 2, but since the release included major rewrite which honored on Security Team's input the package is backported in full. [Test Cases] This is manually tested by Amazon: 0) Deploy an Amazon AWS instance with Instance Connect feature enabled 1) Install the ec2-instance-connect package 2) Verify that the sshd process has been restarted with the changed command-line, now including "AuthorizedKeysCommand*" options. 3) Attempt to connect to the instance using a SSH key that is known by the Instance Connect service. 4) Purge the ec2-instance-connect package 5) Configure the instance to use IMDSv2 6) Install the ec2-instance connect again and verify that is working again (steps 2 and 3) [Regression Potential] Limited to SSH access on instances where the package gets installed. This is a brand new package for a new service provided to AWS customers. In the case of an issue, things to watch out for would be for some keys to not be usable to connect to the instance when they are expected to be, as the list of authorized keys is collated by the service to include both the usual authorized_keys contents, as well as keys provided by the Instance Connect service. + + [Other Info] + The source difference for the SRUs contain a lot of extra files because the source now contains almost the full upstream tarball, but the difference between the binary packages is still minimal and it maybe easier to reviewing that difference.
** Description changed: [Impact] New upstream release of the package providing SSH access to instances; available to any AWS users. The most notable new feature is supporting Instance Metadata Service Version 2, but since the release included major rewrite which honored on Security Team's input the package is backported in full. [Test Cases] This is manually tested by Amazon: 0) Deploy an Amazon AWS instance with Instance Connect feature enabled 1) Install the ec2-instance-connect package 2) Verify that the sshd process has been restarted with the changed command-line, now including "AuthorizedKeysCommand*" options. 3) Attempt to connect to the instance using a SSH key that is known by the Instance Connect service. 4) Purge the ec2-instance-connect package 5) Configure the instance to use IMDSv2 6) Install the ec2-instance connect again and verify that is working again (steps 2 and 3) [Regression Potential] Limited to SSH access on instances where the package gets installed. This is a brand new package for a new service provided to AWS customers. In the case of an issue, things to watch out for would be for some keys to not be usable to connect to the instance when they are expected to be, as the list of authorized keys is collated by the service to include both the usual authorized_keys contents, as well as keys provided by the Instance Connect service. [Other Info] The source difference for the SRUs contain a lot of extra files because the source now contains almost the full upstream tarball, but the difference between the binary packages is still minimal and it maybe easier to reviewing that difference. + + Disco SRU is skipped because it goes EOL before the aging of the package + would finish. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1860142 Title: Please update ec2-instance-connect to 1.1.12 release To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ec2-instance-connect/+bug/1860142/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
