Browse Source

Merge "[fedora-atomic][k8s]Disable ssh password authentication"

changes/29/680329/1
Zuul 3 years ago committed by Gerrit Code Review
parent
commit
5ad2003cf6
  1. 3
      magnum/drivers/common/templates/kubernetes/fragments/start-container-agent.sh
  2. 6
      releasenotes/notes/disable-ssh-password-authn-f2baf619710e52aa.yaml

3
magnum/drivers/common/templates/kubernetes/fragments/start-container-agent.sh

@ -43,6 +43,9 @@ Host localhost
EOF
sed -i '/^PermitRootLogin/ s/ .*/ without-password/' /etc/ssh/sshd_config
# Security enhancement: Disable password authentication
sed -i '/^PasswordAuthentication yes/ s/ yes/ no/' /etc/ssh/sshd_config
systemctl restart sshd

6
releasenotes/notes/disable-ssh-password-authn-f2baf619710e52aa.yaml

@ -0,0 +1,6 @@
---
security:
- |
Regarding passwords, they could be guessed if there is no
faild-to-ban-like solution. So it'd better to disable it for security
reasons. It's only effected for fedora atomic images.
Loading…
Cancel
Save