action #47843
closedcoordination #44147: [functional][u][epic] openssh: extend tests
[functional][u] Extend ssh tests to test that password based root ssh login does *not* work
0%
Description
Motivation¶
Acceptance criteria¶
- AC1: Automatic test that verifies that password based root ssh login is prevented on newer products
Suggestions¶
- Either extend "console/sshd" or create a new, specific test module
- Find out which product versions have the according change of SSH included as mentioned in #43703
- Schedule the module accordingly for the supported openSUSE and SLE products/versions
Updated by okurz almost 6 years ago
- Project changed from QA (public) to openQA Tests (public)
- Category set to New test
- Parent task deleted (
#45053)
Updated by okurz almost 6 years ago
- Status changed from Workable to Blocked
- Assignee set to okurz
#45053 first
Updated by okurz almost 6 years ago
- Status changed from Blocked to Workable
- Assignee deleted (
okurz)
stupid me, #45053 is blocked by this one, causing a cycle :D
Updated by dheidler over 5 years ago
- Status changed from Workable to In Progress
- Assignee set to dheidler
Updated by dheidler over 5 years ago
It seems that a freshly installed tumbleweed is does allow password root login:
PermitRootLogin yes
As upstream has changed the default AFAIK this must have been our decision to patch this to the old behaviour.
Should we reject this ticket?
Updated by okurz over 5 years ago
If a test module is already changing this then just make sure the situation is checked before the change, could very well be that pdostal already included this check in the sshd test module
Updated by dheidler over 5 years ago
I manually installed a TW on a physical machine and it had "PermitRootLogin yes" set.
So it looks like it is the distro's default.
Updated by okurz over 5 years ago
Sounds bad, I suggest to crosscheck if this is intended, e.g. IRC or bug
Updated by dheidler over 5 years ago
- Status changed from In Progress to Rejected
So it looks as if it was intended.