#!/bin/bash # Copyright (C) 2011-2013 OpenStack Foundation # Copyright 2016 Red Hat, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or # implied. # # See the License for the specific language governing permissions and # limitations under the License. if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then set -x fi set -eu set -o pipefail # NOTE(pabelanger): Glean configures access for root user, so allow us to # properly login. sed -i -e'/PermitRootLogin/d' /etc/ssh/sshd_config \ && echo "PermitRootLogin yes" >> /etc/ssh/sshd_config # NOTE(clarkb): Glean configures ssh keys only and not passwords. Disable # unnecessary password auth. sed -i -e '/PasswordAuthentication/d' /etc/ssh/sshd_config \ && echo "PasswordAuthentication no" >> /etc/ssh/sshd_config # NOTE(clarkb): SSH scanners may be affecting Zuul ssh connectivity # Default LoginGraceTime is 120. Reduce that to 30 to cycle connections more # quickly. sed -i -e '/LoginGraceTime/d' /etc/ssh/sshd_config \ && echo "LoginGraceTime 30" >> /etc/ssh/sshd_config # NOTE(clarkb): SSH scanners may be affecting Zuul ssh connectivity # Default MaxStartups is 10:30:100 which means after 10 unauthenticated # connections randomly drop 30% of connections with an increasing # percentage until 100 connections is reached. sed -i -e '/MaxStartups/d' /etc/ssh/sshd_config \ && echo "MaxStartups 30:10:100" >> /etc/ssh/sshd_config