Project

General

Profile

action #43703

[functional][u] openssh: test needs to use key-based login for root

Added by dimstar almost 3 years ago. Updated almost 3 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Bugs in existing tests
Target version:
SUSE QA - Milestone 22
Start date:
2018-11-13
Due date:
% Done:

0%

Estimated time:
Difficulty:

Description

Motivation

This is a change needed in order to be able to update to openssh 7.9, based on sr
https://build.opensuse.org/request/show/645637

The submit request changes the default configuration of openssh for user root to only permit keybased auth, no longer password auth (as per upstream default).

This breaks the assumptions done in our openQA tests, where at least two tests rely on root/password combo for ssh.

Suggestions

  • A member from QSF-u should be test module maintainer and update the test module

The identified tests, so far, are:

  • sshxterm
  • rsync
  • sshfs

both should switch the logic to be root/keybased auth. As an addition for completion, a test user/password might be added in plus


Related issues

Related to openQA Project - action #44399: Fix assert_script_sudo and script_sudo being called as rootNew2018-11-27

Related to qe-yast - action #45053: Test installation over ssh as root on Tumbleweed with latest update forbidding root-password loginNew2018-12-12

Copied to openQA Tests - coordination #44147: [functional][u][epic] openssh: extend testsRejected2019-02-13

History

#1 Updated by okurz almost 3 years ago

  • Category set to Bugs in existing tests
  • Assignee set to coolo

coolo, as you are the test module maintainer, do you want to adapt the test module or rely on QSF-u?

#2 Updated by okurz almost 3 years ago

  • Subject changed from openssh: test needs to use key-based login for root to [functional][u] openssh: test needs to use key-based login for root
  • Description updated (diff)
  • Status changed from New to Workable
  • Assignee deleted (coolo)
  • Target version set to Milestone 22

I guess that means "no".

#3 Updated by dheidler almost 3 years ago

  • Assignee set to dheidler

#4 Updated by okurz almost 3 years ago

#5 Updated by okurz almost 3 years ago

  • Assignee deleted (dheidler)

dheidler, thank you for taking this. Please keep the effort as small as possible to fix the current failures in the test. I created #44147 for all further testing extension ideas.

#6 Updated by dheidler almost 3 years ago

  • Description updated (diff)

#7 Updated by dheidler almost 3 years ago

The rsync test already has its unique way of dealing with this issue:

assert_script_run("sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/g' /etc/ssh/sshd_config");

#8 Updated by dheidler almost 3 years ago

  • Status changed from Workable to In Progress

#9 Updated by okurz almost 3 years ago

dheidler wrote:

The rsync test already has its unique way of dealing with this issue:

I guess we can do better than this :)

#11 Updated by dheidler almost 3 years ago

  • Assignee set to dheidler

#12 Updated by dheidler almost 3 years ago

  • Status changed from In Progress to Feedback

#13 Updated by dheidler almost 3 years ago

PR got merged.

dimstar:
Now we need the OBS SR accepted as the test will fail without the fix in the SR due to https://bugzilla.opensuse.org/show_bug.cgi?id=1114008

#14 Updated by SLindoMansilla almost 3 years ago

  • Related to action #44399: Fix assert_script_sudo and script_sudo being called as root added

#15 Updated by okurz almost 3 years ago

thank you for even commenting in the SR directly :)

#18 Updated by okurz almost 3 years ago

  • Related to action #45053: Test installation over ssh as root on Tumbleweed with latest update forbidding root-password login added

Also available in: Atom PDF