a6d4fae070
Update the sshd_config on our test nodes to accomodate what appears to be an increase in ssh scanner traffic. In particular LoginGraceTime defaults to 120 seconds. We reduce that to 30 seconds to cycle connections more quickly. Then we also increase the maximum number of connection startups to 30 from the default of 10. We also reduce the random fail rate from 30% to 10% between 31 and 100 connections. I'm not entirely certain this will fix things, but based on what we've seen from logs it may be what we need to make ssh to test nodes more reliable. Change-Id: Ifacf7d00de157ab2fb60cde990f0b49f03f71415
47 lines
1.7 KiB
Bash
Executable File
47 lines
1.7 KiB
Bash
Executable File
#!/bin/bash
|
|
# Copyright (C) 2011-2013 OpenStack Foundation
|
|
# Copyright 2016 Red Hat, Inc.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
|
# implied.
|
|
#
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
|
|
set -x
|
|
fi
|
|
set -eu
|
|
set -o pipefail
|
|
|
|
# NOTE(pabelanger): Glean configures access for root user, so allow us to
|
|
# properly login.
|
|
sed -i -e'/PermitRootLogin/d' /etc/ssh/sshd_config \
|
|
&& echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
|
|
|
|
# NOTE(clarkb): Glean configures ssh keys only and not passwords. Disable
|
|
# unnecessary password auth.
|
|
sed -i -e '/PasswordAuthentication/d' /etc/ssh/sshd_config \
|
|
&& echo "PasswordAuthentication no" >> /etc/ssh/sshd_config
|
|
|
|
# NOTE(clarkb): SSH scanners may be affecting Zuul ssh connectivity
|
|
# Default LoginGraceTime is 120. Reduce that to 30 to cycle connections more
|
|
# quickly.
|
|
sed -i -e '/LoginGraceTime/d' /etc/ssh/sshd_config \
|
|
&& echo "LoginGraceTime 30" >> /etc/ssh/sshd_config
|
|
|
|
# NOTE(clarkb): SSH scanners may be affecting Zuul ssh connectivity
|
|
# Default MaxStartups is 10:30:100 which means after 10 unauthenticated
|
|
# connections randomly drop 30% of connections with an increasing
|
|
# percentage until 100 connections is reached.
|
|
sed -i -e '/MaxStartups/d' /etc/ssh/sshd_config \
|
|
&& echo "MaxStartups 30:10:100" >> /etc/ssh/sshd_config
|