openstack
/
magnum
Code Issues Proposed changes
Browse Source

[fedora-atomic][k8s]Disable ssh password authentication 

Regarding passwords, they could be guessed if there is no
faild-to-ban-like solution. So it'd better to disable it
for security reasons.

Task: 36300
Story: 2006413

Change-Id: Ie7534c12612750d9aafd4feae5193b34997b22ff
changes/20/677320/4
Feilong Wang 3 years ago
parent
04fd0470ad
commit
3a0a43877a
2 changed files with 9 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 3
      magnum/drivers/common/templates/kubernetes/fragments/start-container-agent.sh
  2. 6
      releasenotes/notes/disable-ssh-password-authn-f2baf619710e52aa.yaml

3
magnum/drivers/common/templates/kubernetes/fragments/start-container-agent.sh
Unescape View File

@ -43,6 +43,9 @@ Host localhost
EOF
sed -i '/^PermitRootLogin/ s/ .*/ without-password/' /etc/ssh/sshd_config
# Security enhancement: Disable password authentication
sed -i '/^PasswordAuthentication yes/ s/ yes/ no/' /etc/ssh/sshd_config
systemctl restart sshd

6
releasenotes/notes/disable-ssh-password-authn-f2baf619710e52aa.yaml
Unescape View File

@ -0,0 +1,6 @@
---
security:
- |
Regarding passwords, they could be guessed if there is no
faild-to-ban-like solution. So it'd better to disable it for security
reasons. It's only effected for fedora atomic images.
Write Preview
Loading…
Cancel
Save