Project

General

Profile

action #47843

coordination #44147: [functional][u][epic] openssh: extend tests

[functional][u] Extend ssh tests to test that password based root ssh login does *not* work

Added by okurz almost 3 years ago. Updated about 2 years ago.

Status:
Rejected
Priority:
Low
Assignee:
Category:
New test
Target version:
Start date:
2019-02-13
Due date:
% Done:

0%

Estimated time:
Difficulty:

Description

Motivation

#45053 and #44147

Acceptance criteria

  • AC1: Automatic test that verifies that password based root ssh login is prevented on newer products

Suggestions

  • Either extend "console/sshd" or create a new, specific test module
  • Find out which product versions have the according change of SSH included as mentioned in #43703
  • Schedule the module accordingly for the supported openSUSE and SLE products/versions

History

#1 Updated by okurz almost 3 years ago

  • Project changed from QA to openQA Tests
  • Category set to New test
  • Parent task deleted (#45053)

#2 Updated by okurz almost 3 years ago

  • Parent task set to #44147

#3 Updated by okurz almost 3 years ago

  • Status changed from Workable to Blocked
  • Assignee set to okurz

#45053 first

#4 Updated by okurz over 2 years ago

  • Status changed from Blocked to Workable
  • Assignee deleted (okurz)

stupid me, #45053 is blocked by this one, causing a cycle :D

#5 Updated by dheidler over 2 years ago

  • Status changed from Workable to In Progress
  • Assignee set to dheidler

#6 Updated by dheidler over 2 years ago

It seems that a freshly installed tumbleweed is does allow password root login:

PermitRootLogin yes

As upstream has changed the default AFAIK this must have been our decision to patch this to the old behaviour.
Should we reject this ticket?

#7 Updated by okurz over 2 years ago

If a test module is already changing this then just make sure the situation is checked before the change, could very well be that pdostal already included this check in the sshd test module

#8 Updated by dheidler over 2 years ago

I manually installed a TW on a physical machine and it had "PermitRootLogin yes" set.
So it looks like it is the distro's default.

#9 Updated by okurz over 2 years ago

Sounds bad, I suggest to crosscheck if this is intended, e.g. IRC or bug

#11 Updated by dheidler about 2 years ago

  • Status changed from In Progress to Rejected

So it looks as if it was intended.

Also available in: Atom PDF