The hex encoded version of the key is also passed to openssl:

$ echo abcdef0123456789 | /usr/bin/od -A n -t x1 | /bin/sed ':a;N;$!ba;s/[\n ]//g'
616263646566303132333435363738390a
$ aa-decode 616263646566303132333435363738390a
Decoded: abcdef0123456789


# Sign a message with a given key
# sign [key] [msg]
sign () {
    /usr/bin/printf "${2}" | /usr/bin/openssl dgst -binary -hex -sha256 -mac HMAC -macopt hexkey:"${1}" | /bin/sed 's/.* //'
}

(See the hexkey: parameter)

This appears to come via:

AWS_SECRET_ACCESS_KEY=$(/bin/echo "${creds}" | /bin/sed -n 's/.*"SecretAccessKey" : "\(.*\)",/\1/p')


which is from:

creds=$(/usr/bin/curl -s -f -m 1 -H "X-aws-ec2-metadata-token: ${IMDS_TOKEN}" "http://169.254.169.254/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance/")

and IMDS_TOKEN appears to come from:

IMDS_TOKEN="$(/usr/bin/curl -s -f -m 1 -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 5")"

Replacing the echo binary with a shell built-in wouldn't hide this key
well.

Can any process on the system simply request such a token itself from
the aws metadata service?

What does knowledge of this key represent?

Thanks

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1835114

Title:
  [MIR] ec2-instance-connect

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ec2-instance-connect/+bug/1835114/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
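An added example, not code from ec2-instance-connect or from this thread, that reproduces in Python what the quoted sign() helper and the od/sed pipeline do: the hex encoding of the key (including the trailing 0a that echo contributes, visible in the output above) and the HMAC-SHA256 that openssl computes from a hexkey: operand. The message string and the verify() helper are constructed for illustration.

```python
import hashlib
import hmac


def hex_encode_key(key: str, trailing_newline: bool = True) -> str:
    """Mimic `echo key | od -A n -t x1 | sed ...` from the thread.

    echo appends a newline, so the encoded key ends in 0a unless the
    caller strips it (trailing_newline=False models a printf-style echo).
    """
    data = key.encode() + (b"\n" if trailing_newline else b"")
    return data.hex()


def sign(hexkey: str, msg: str) -> str:
    """Equivalent of `openssl dgst -sha256 -mac HMAC -macopt hexkey:<hexkey>`.

    openssl decodes hexkey into raw bytes and uses them as the HMAC key;
    the digest is returned as lowercase hex, like the sed-trimmed output.
    """
    return hmac.new(bytes.fromhex(hexkey), msg.encode(), hashlib.sha256).hexdigest()


def verify(hexkey: str, msg: str, tag: str) -> bool:
    """Check a tag with a constant-time comparison rather than `==`."""
    return hmac.compare_digest(sign(hexkey, msg), tag)


if __name__ == "__main__":
    key = "abcdef0123456789"            # sample key from the thread
    with_nl = hex_encode_key(key)       # ends in 0a, as the od output shows
    without_nl = hex_encode_key(key, trailing_newline=False)
    msg = "GET /latest/meta-data/\n"   # constructed sample message
    print(with_nl, without_nl)
    # The 17-byte key (newline included) and the 16-byte key yield
    # different MACs, so how the key is encoded matters.
    print(sign(with_nl, msg))
    print(sign(without_nl, msg))
```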