Linux News Today: Canonical Updates the All-Snap Snappy Ubuntu Images to Remove Misplaced SSH Key
We reported last week that Canonical, through Michael Vogt, informed all users of the Snappy Ubuntu Core operating system for embedded and IoT (Internet of Things) devices about the general availability of new all-snap images.
We’ll take this opportunity to remind our readers interested in the latest Snappy Ubuntu Core technologies that Canonical made some major changes in the new images, which have been made available for the i386 (32-bit), amd64 (64-bit), and Raspberry Pi 2 (ARM) architectures.
Among these improvements, we can mention support for an all-new snap.yaml format, the addition of the “snap” command as a replacement for the “snappy” one, the implementation of a new “snap find” command as a replacement for the “snappy search” one, and the addition of the “ubuntu-core” name for the Raspberry Pi 2 core snap.
At the point in time, Canonical urged Snappy users to reflash their devices with the new all-snap images, but it looks like they forgot a developer’s SSH (Secure Shell) key in those images, which they’ve used to do final QA on the images, as Canonical’s Tyler Hicks reports on February 9, 2016.
The new all-snap images have been rebuilt and are now avaiable for download
“The all-snap development images, announced on 2016-02-03, unintentionally contained a developer’s ssh key in /home/ubuntu/.ssh/authorized_keys and /root/.ssh/authorized_keys. This key was used to do final QA on the images and was mistakenly included in the published images,” said Tyler Hicks, Ubuntu Security Technical Lead at Canonical.
As expected, it appears that only the all-snap images announced on February 3 by Michael Vogt were affected by the issue. However, those images have been rebuilt, the SSH key removed, and all Snappy Ubuntu Core users are urged, again, to reflash their devices with the new all-snap images. Have fun!