Metadata:

• Operating System: Amazon Linux 2 (2018-10-31+)
• Installation method: install.sh
• AWS CLI Version: –

The most recent update to Amazon Linux 2 introduces their own AuthorizedKeysCommand "to support an upcoming feature to read SSH public keys; from the EC2 instance metadata during the SSH connection process."

Unfortunately this breaks aws-ec2-ssh in the install_configure_sshd.sh step during the install: given that both AuthorizedKeysCommand and AuthorizedKeysCommandUser are predefined, the script will not update the commands, but rather just append them to the file.

sshd's behavior here is to use the first instance of each of these properties, which means logging in with a key stored in IAM is not possible.

Now, I'm not sure if this is something that should be "solved" as part of this project, or if this is behavior that the end-user needs to workaround through e.g. CloudFormation Init.

Any input is appreciated.