Actions
action #44696
closed[qam] test fails in sshd - user password is weak
Start date:
2018-12-04
Due date:
% Done:
100%
Estimated time:
Difficulty:
Description
Actions
Added by pcervinka about 6 years ago. Updated about 6 years ago.
100%
Description
A note from my end: the password is not 'weak': it is simply missing in the command that would set the password (see echo sshboy: | chpasswd)
the password is supposed to be after sshboy:
dimstar wrote:
A note from my end: the password is not 'weak': it is simply missing in the command that would set the password (see echo sshboy: | chpasswd)
the password is supposed to be after sshboy:
os-autoinst-distri-opensuse/lib/main_common.pm:
sub set_defaults_for_username_and_password {
if (get_var("LIVETEST")) {
$testapi::password = '';
}
$testapi::password = "nots3cr3t";
}
well, well, well
in the past, we had:
user on livecd has no password, hence $testapi::password = '';
sshboy was generated with an explicit password letmein (or a variant thereof)
my $ssh_testman_passwd = "let3me2in1"; # this was not just decoration
Yes, I discovered all that. I changed the password because of the exec_and_insert_password and I'm about to fix that. Please expect the PR later today or tomorrow early morning.
Found bad password based on a dictionary in sle15sp1: https://openqa.suse.de/tests/latest?distri=sle&version=15-SP1&flavor=Installer-DVD&machine=svirt-xen-hvm&test=minimal%2Bbase&arch=x86_64#step/sshd/16
I think it's not about password but about the VirtIO console but I'll look it up.
Thank you for letting me know, @JERiveraMoya
I managed to fix the test for s390x architecture but there's still a problem in one ppc64le testsuite. I asked Petr Vorel to help me with that.
on SLE12 -> SLE12SP2 this tests fails because 'virtio_console' .. You need add hvc0 + console to /etc/securetty