action #47843

action #44147: [functional][u][epic] openssh: extend tests

[functional][u] Extend ssh tests to test that password based root ssh login does *not* work

Added by okurz about 1 year ago. Updated 6 months ago.

Status:RejectedStart date:13/02/2019
Priority:LowDue date:
Assignee:dheidler% Done:

0%

Category:New test
Target version:QA - future
Difficulty:
Duration:

Description

Motivation

#45053 and #44147

Acceptance criteria

  • AC1: Automatic test that verifies that password based root ssh login is prevented on newer products

Suggestions

  • Either extend "console/sshd" or create a new, specific test module
  • Find out which product versions have the according change of SSH included as mentioned in #43703
  • Schedule the module accordingly for the supported openSUSE and SLE products/versions

History

#1 Updated by okurz about 1 year ago

  • Project changed from QA to openQA Tests
  • Category set to New test
  • Parent task deleted (#45053)

#2 Updated by okurz about 1 year ago

  • Parent task set to #44147

#3 Updated by okurz 12 months ago

  • Status changed from Workable to Blocked
  • Assignee set to okurz

#45053 first

#4 Updated by okurz 12 months ago

  • Status changed from Blocked to Workable
  • Assignee deleted (okurz)

stupid me, #45053 is blocked by this one, causing a cycle :D

#5 Updated by dheidler 6 months ago

  • Status changed from Workable to In Progress
  • Assignee set to dheidler

#6 Updated by dheidler 6 months ago

It seems that a freshly installed tumbleweed is does allow password root login:

PermitRootLogin yes

As upstream has changed the default AFAIK this must have been our decision to patch this to the old behaviour.
Should we reject this ticket?

#7 Updated by okurz 6 months ago

If a test module is already changing this then just make sure the situation is checked before the change, could very well be that pdostal already included this check in the sshd test module

#8 Updated by dheidler 6 months ago

I manually installed a TW on a physical machine and it had "PermitRootLogin yes" set.
So it looks like it is the distro's default.

#9 Updated by okurz 6 months ago

Sounds bad, I suggest to crosscheck if this is intended, e.g. IRC or bug

#11 Updated by dheidler 6 months ago

  • Status changed from In Progress to Rejected

So it looks as if it was intended.

Also available in: Atom PDF