action #45053
closed
Test installation over ssh as root on Tumbleweed with latest update forbidding root-password login
Added by okurz about 6 years ago.
Updated 11 months ago.
Description
Motivation¶
I had been thinking about the recent change of ssh to not allow password-based logins for root anymore, we don't offer to give authorized keys to the system during installation, right? So if one selects to not create a user and install over ssh, try to login as root, doomed?
https://build.opensuse.org/request/show/652023 brought in this change into openSUSE Tumbleweed . We already have tests adjusted for this change, we should make sure to cover the ssh-installation test as well
Acceptance criteria¶
- AC1: We have an automatic test skipping user creation, root only, with ssh-based-installation
- AC2: The test ensures we can login after boot of the installed system (or according bugs reported if this is not possible)
Suggestions¶
- Try out a test scenario based on ssh-installation together with ROOTONLY=1, e.g. clone an s390x-zVM installation but set additionally ROOTONLY=1
- Check if normal test modules work in this scenario, e.g. console tests
- Optional (if considered trivial or other test modules fail): Schedule only installation plus individual module(s) checking the login after boot
- Optional (if the above steps do not work because of product issues): Report according bugs and keep this ticket in e.g. "test development" until the bugs are resolved
Further details¶
Could be split among the multiple ACs but probably AC2 is trivial based on what we already have present as tests
- Related to action #43703: [functional][u] openssh: test needs to use key-based login for root added
I would expect that our installation system is built with password root login allowed.
that does not matter, see AC2. The question is if we can log into the installed system
- Due date set to 2019-02-12
pre-fill last sprint in M22 with all tickets within milestone not yet assigned to sprints
- Description updated (diff)
- Status changed from New to Workable
- Due date changed from 2019-02-12 to 2019-02-26
- Target version changed from Milestone 22 to Milestone 23
adjusting milestone date to selected sprint.
@okurz will split the ticket and we can discuss.
- Blocked by action #47846: [functional][y] openSUSE ROOTONLY=1 test added
- Subject changed from [functional][y] Test installation over ssh as root on Tumbleweed with latest update forbidding root-password login to [functional][y][epic] Test installation over ssh as root on Tumbleweed with latest update forbidding root-password login
- Due date set to 2019-03-12
- Status changed from Workable to Blocked
- Priority changed from Low to Normal
- Start date set to 2018-12-12
Going with #47846 first to test if ROOTONLY=1 works on openSUSE. Also I have created a subtask for #44147 to have an actual test for "root password ssh login is prevented". Then we can see if we actually need more.
- Due date deleted (
2019-03-12)
- Target version changed from Milestone 23 to Milestone 26
#47846 is resolved. leaving the rest for the related epic. This will take some time.
- Assignee changed from okurz to riafarov
Move to new QSF-y PO after I moved to the "tools"-team. I mainly checked the subject line so in individual instances you might not agree to take it over completely into QSF-y. Feel free to reassign to me or someone else in this case. Thanks.
- Target version changed from Milestone 26 to Milestone 27
- Target version changed from Milestone 27 to Milestone 28
- Target version changed from Milestone 28 to Milestone 30+
- Target version changed from Milestone 30+ to Milestone 30
bulk moved to M30 for revisiting
- Target version changed from Milestone 30 to future
- Tracker changed from action to coordination
- Status changed from Blocked to New
- Tracker changed from coordination to action
- Project changed from QA (public) to qe-yam
- Subject changed from [functional][y][epic] Test installation over ssh as root on Tumbleweed with latest update forbidding root-password login to Test installation over ssh as root on Tumbleweed with latest update forbidding root-password login
- Assignee deleted (
riafarov)
- Priority changed from Normal to Low
- Status changed from New to Rejected
Also available in: Atom
PDF