openstack/magnum
Code Issues Proposed changes

[fedora-atomic][k8s]Disable ssh password authentication

Browse Source 
Regarding passwords, they could be guessed if there is no
faild-to-ban-like solution. So it'd better to disable it
for security reasons.

Task: 36300
Story: 2006413

Change-Id: Ie7534c12612750d9aafd4feae5193b34997b22ff
This commit is contained in:
Feilong Wang
2019-08-20 10:50:24 +12:00
parent 04fd0470ad
commit 3a0a43877a
2 changed files with 9 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
magnum/drivers/common/templates/kubernetes/fragments/start-container-agent.sh
View File

@@ -43,6 +43,9 @@ Host localhost
EOF EOF
sed -i '/^PermitRootLogin/ s/ .*/ without-password/' /etc/ssh/sshd_config sed -i '/^PermitRootLogin/ s/ .*/ without-password/' /etc/ssh/sshd_config
# Security enhancement: Disable password authentication
sed -i '/^PasswordAuthentication yes/ s/ yes/ no/' /etc/ssh/sshd_config
systemctl restart sshd systemctl restart sshd

6
releasenotes/notes/disable-ssh-password-authn-f2baf619710e52aa.yaml Normal file
View File

@@ -0,0 +1,6 @@
---
security:
- |
Regarding passwords, they could be guessed if there is no
faild-to-ban-like solution. So it'd better to disable it for security
reasons. It's only effected for fedora atomic images.