openstack
/
magnum
Code Issues Proposed changes
Browse Source

Merge "[fedora-atomic][k8s]Disable ssh password authentication"

changes/29/680329/1
Zuul 3 years ago committed by Gerrit Code Review
parent
a143ffdef1 3a0a43877a
commit
5ad2003cf6
2 changed files with 9 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 3
      magnum/drivers/common/templates/kubernetes/fragments/start-container-agent.sh
  2. 6
      releasenotes/notes/disable-ssh-password-authn-f2baf619710e52aa.yaml

3
magnum/drivers/common/templates/kubernetes/fragments/start-container-agent.sh
Unescape View File

@ -43,6 +43,9 @@ Host localhost
EOF
sed -i '/^PermitRootLogin/ s/ .*/ without-password/' /etc/ssh/sshd_config
# Security enhancement: Disable password authentication
sed -i '/^PasswordAuthentication yes/ s/ yes/ no/' /etc/ssh/sshd_config
systemctl restart sshd

6
releasenotes/notes/disable-ssh-password-authn-f2baf619710e52aa.yaml
Unescape View File

@ -0,0 +1,6 @@
---
security:
- |
Regarding passwords, they could be guessed if there is no
faild-to-ban-like solution. So it'd better to disable it for security
reasons. It's only effected for fedora atomic images.
Write Preview
Loading…
Cancel
Save