Local OpenLDAP and WAD servers are being used for k8s api and SSH authentication. We need the ability to disallow SSH authentication for selective users. As part of the solution, we create a Linux group where all ldap users with "denied ssh access" will be added. This commit sets the group for "denied ssh access" in the sshd configuration file "/etc/ssh/sshd_config".

Test Plan:

PASS: Debian image gets successfully installed in AIO-SX system.

PASS: Verify the Linux group has been created and the sshd configuration file was updated with denied ssh access for that group.

PASS: Create an openldap user and add to the "deny ssh access" group. Verify that the user cannot ssh.

PASS: Create a WAD group with the same name and gidNumber as the Linux group for "deny ssh access". Create a WAD user in this group. Validate that the new WAD user in the "deny ssh group" cannot ssh to stx platform.

PASS: Remove the WAD user from the WAD "deny ssh access" group. Validate that now the user can have ssh access to stx platform.

PASS: Remove the openldap user from the Linux "deny ssh access" group. Validate that now the user can have ssh access to stx platform.

Story: 2010589
Task: 48231

Depends-On: https://review.opendev.org/c/starlingx/stx-puppet/+/886150

Signed-off-by: Carmen Rata <carmen.rata@windriver.com>
Change-Id: If96f3f52cb10a8c32df5b777ba7c85f33edb3f96

| | | |
---|---|---|
.. | ||
centos | ||
debian | ||
files | ||
source-debian |
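
The second test-plan check (the sshd configuration denies the group) can be scripted. The following is an added example, not code from this commit: it assumes the group is denied through OpenSSH's `DenyGroups` directive, and the group name `denyssh` and the sample configuration are constructed placeholders.

```shell
#!/bin/sh
# Added example. Assumes the deny group is configured with the DenyGroups directive.

# Print each group pattern from the global DenyGroups lines of an sshd_config
# file, one per line. Keywords are case-insensitive; parsing stops at the first
# Match block, because directives inside it only apply conditionally.
denied_groups() {
    awk '
        /^[ \t]*#/ { next }                      # whole-line comment
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            sub(/[ \t]*=[ \t]*/, " ", line)      # accept the "Keyword=value" form
            n = split(line, f, /[ \t]+/)
            kw = tolower(f[1])
            if (kw == "match") exit
            if (kw != "denygroups") next
            for (i = 2; i <= n; i++) {
                if (f[i] ~ /^#/) break           # trailing comment
                if (f[i] != "") print f[i]
            }
        }' "$1"
}

# Usage: ssh_denied_for_groups CONFIG GROUP...
# Returns 0 if any GROUP matches a denied pattern (* and ? wildcards honoured;
# negated "!pattern" entries are not interpreted), 1 otherwise.
ssh_denied_for_groups() {
    cfg=$1; shift
    denied_groups "$cfg" | (
        while IFS= read -r pat; do
            for g in "$@"; do
                case $g in $pat) exit 0 ;; esac
            done
        done
        exit 1
    )
}

# Constructed sample configuration; "denyssh" is a placeholder group name.
write_sample_config() {
    printf '%s\n' '# constructed sample' 'Port 22' \
        'denygroups  denyssh  contractors-*   # trailing comment' \
        'Match Address 10.0.0.0/8' '    DenyGroups only-in-match' > "$1"
}

cfg=$(mktemp) && write_sample_config "$cfg"
ssh_denied_for_groups "$cfg" users denyssh && echo "member of denyssh: SSH denied"
ssh_denied_for_groups "$cfg" users sudo || echo "no denied group: SSH not blocked by group"
rm -f "$cfg"
```

On a live host, pass the output of `id -Gn <user>` as the group list so that LDAP and WAD memberships resolved through NSS are included. `sshd -T` prints the effective configuration and remains the authoritative check.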