AWS: how to stop cloud-init from disabling root login

Tags: amazon-ec2, amazon-web-services

On AWS I have managed to create an AMI with a modified Ubuntu 12.04 LTS amd64. I've added lots of packages and much of our own code and files. The cloud init is still there, and I'm sure it should stay. However, it is undermining my automations by re-disabling root at run time, after I enabled it in the original volume that was used to create the snapshot for the AMI.

File /usr/share/pyshared/cloudinit/CloudConfig/cc_ssh.py appears to be connected to this. Since I am not experienced in Python coding, I have no idea what some of the functions it calls are, so I cannot really see what all this script is doing.

I could just add some init script of my own to run afterwards, somewhere, to just undo that and re-enable root. Is there a way, standardized or sanctioned by cloud init, to set a flag to indicate that disabling root login should not be done? Or should I just roll my own solution (a later init script to put back my own /root/.ssh/authorized_keys file)?

I also see that this script is removing old host keys and regenerating new ones. That is something I'd like to keep (therefore I will not need to do this myself).

I also have the SSH listening port number changed to a number other than 22 (and security group set to allow access to that port only from my own IPs). That much did not get changed. This is good.

Best Answer

The code seems to check a disable_root boolean configuration value, so I'm guessing that you need to set this in /etc/cloud/cloud.cfg:

disable_root: 0
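
An added example (not part of the original answer and not cloud-init's own code): a shell check for an image build that reports the effective disable_root value and whether root's authorized_keys holds a key without a forced command. It assumes files in cloud.cfg.d override cloud.cfg in sorted order, that a missing key means true, and that user-data passed at launch is out of scope; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit whether cloud-init will lock root's SSH keys on boot.

# Print the effective disable_root ("true"/"false") for a cloud-init config dir.
# Assumption: cloud.cfg is read first, then cloud.cfg.d/*.cfg, last value wins.
effective_disable_root() {
    dir=$1
    val=true    # assumption: cloud-init treats a missing key as true
    for f in "$dir/cloud.cfg" "$dir"/cloud.cfg.d/*.cfg; do
        [ -f "$f" ] || continue
        # Top-level key only (no indentation); drop trailing comments and quotes.
        v=$(sed -n 's/^disable_root:[[:space:]]*\([^#[:space:]]*\).*$/\1/p' "$f" |
            tail -n 1 | tr -d "\"'" | tr 'A-Z' 'a-z')
        case $v in
            '') ;;                          # key not set in this file
            1|true|on|yes) val=true ;;
            *) val=false ;;                 # 0, false, off, no, anything else
        esac
    done
    echo "$val"
}

# Classify an authorized_keys file: "none" (no keys), "restricted" (every key
# carries a forced command= option, which is how cloud-init disables root),
# or "open" (at least one key gives a normal root shell).
root_keys_state() {
    [ -f "$1" ] || { echo none; return 0; }
    awk '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        { total++ }
        /^[^ \t]*command="/ { forced++ }     # options field has a forced command
        END {
            if (total == 0) print "none"
            else if (forced == total) print "restricted"
            else print "open"
        }' "$1"
}

# Constructed sample: a config dir whose cloud.cfg follows the answer above,
# and a root authorized_keys file holding one plain (unrestricted) key.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
mkdir -p "$demo/cloud.cfg.d"
printf 'user: ubuntu\ndisable_root: 0\n' > "$demo/cloud.cfg"
printf 'ssh-rsa AAAAB3NzaC1yc2E constructed-key\n' > "$demo/authorized_keys"
echo "disable_root=$(effective_disable_root "$demo")" \
     "root_keys=$(root_keys_state "$demo/authorized_keys")"
```

On a real image, point the functions at /etc/cloud and /root/.ssh/authorized_keys; a result of disable_root=false with root_keys=open means root SSH access depends entirely on the security group and sshd settings.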