Merge "[fedora-atomic][k8s]Disable ssh password authentication"

This commit is contained in:
Zuul 2019-09-04 09:52:27 +00:00 committed by Gerrit Code Review
commit 5ad2003cf6
2 changed files with 9 additions and 0 deletions

View File

@ -43,6 +43,9 @@ Host localhost
EOF
sed -i '/^PermitRootLogin/ s/ .*/ without-password/' /etc/ssh/sshd_config
# Security enhancement: Disable password authentication
sed -i '/^PasswordAuthentication yes/ s/ yes/ no/' /etc/ssh/sshd_config
systemctl restart sshd

View File

@ -0,0 +1,6 @@
---
security:
- |
Regarding passwords, they could be guessed if there is no
faild-to-ban-like solution. So it'd better to disable it for security
reasons. It's only effected for fedora atomic images.