cloud-init team mailing list archive
Message #00213
disabling root
-
To:
cloud-init <cloud-init@xxxxxxxxxxxxxxxxxxx>
-
From:
Robert Schweikert <rjschwei@xxxxxxxx>
-
Date:
Tue, 18 Jun 2019 21:24:02 -0400
-
User-agent:
Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1
Hi,
Had a comment on the behavior with disabling root/setting up ssh login.
The configuration contains:
ssh_pwauth: False
lock-passwd: True
disable_root: True
And the expectation is that
ChallengeResponseAuthentication no
PermitRootLogin no
would be set, which is currently not the case. The user is getting the
desired behavior with:
runcmd:
  # Disable root and password SSH login
  - sed -i -e '/^PermitRootLogin/s/^.*$/PermitRootLogin no/' /etc/ssh/sshd_config
  - sed -i -e '/^#ChallengeResponseAuthentication/s/^.*$/ChallengeResponseAuthentication no/' /etc/ssh/sshd_config
  - sed -i -e '/^#PasswordAuthentication/s/^.*$/PasswordAuthentication no/' /etc/ssh/sshd_config
  - systemctl restart sshd
Is this a behavior change we might want to make in cloud-init?
Thanks,
Robert
--
Robert Schweikert MAY THE SOURCE BE WITH YOU
Distinguished Architect LINUX
Technical Team Lead Public Cloud
rjschwei@xxxxxxxx
IRC: robjo
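
A way to confirm what a configuration like the one in the message above actually leaves in sshd_config, as an added example that is not part of the original message or of cloud-init. It reads the global section the way sshd does (the first value for a keyword wins, and the global section stops at the first Match line) and flags any of the three directives that is not set to "no". The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original message. Function names are hypothetical.
# effective_value FILE KEYWORD: print the value sshd would use from the global
# section of FILE. sshd keeps the first value it reads for a keyword, keywords
# are case-insensitive, and the global section ends at the first Match line.
effective_value() {
    awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
        BEGIN { FS = "[ \t=]+" }
        { sub(/^[ \t]+/, "") }                  # drop indentation, re-split fields
        /^(#|$)/ { next }                       # comments and blank lines
        tolower($1) == "match" { exit }
        tolower($1) == want {
            val = tolower($2); gsub(/"/, "", val)
            print val; exit                     # first occurrence wins
        }
    ' "$1"
}

# audit_sshd FILE: one line per directive; exit status is the failure count.
audit_sshd() {
    fails=0
    for kw in PermitRootLogin PasswordAuthentication ChallengeResponseAuthentication; do
        val=$(effective_value "$1" "$kw")
        if [ "$val" = "no" ]; then
            echo "OK   $kw no"
        else
            echo "FAIL $kw ${val:-unset}"
            fails=$((fails + 1))
        fi
    done
    return "$fails"
}

# Constructed sample: PermitRootLogin exists only as a comment and
# PasswordAuthentication is already uncommented with "yes".
sample_config() {
    cat <<'EOF'
#PermitRootLogin prohibit-password
PasswordAuthentication yes
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no
Match User backup
    PasswordAuthentication no
EOF
}

tmp=$(mktemp) && sample_config > "$tmp"
audit_sshd "$tmp" || echo "$? directive(s) not enforced"
rm -f "$tmp"
```

On a live host, `sshd -T` prints the effective settings including compiled-in defaults, which this file-level check does not resolve.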