action #47843
closed
coordination #44147: [functional][u][epic] openssh: extend tests
[functional][u] Extend ssh tests to test that password based root ssh login does *not* work
Added by okurz almost 6 years ago.
Updated over 5 years ago.
Description
Motivation¶
#45053 and #44147
Acceptance criteria¶
- AC1: Automatic test that verifies that password based root ssh login is prevented on newer products
Suggestions¶
- Either extend "console/sshd" or create a new, specific test module
- Find out which product versions have the according change of SSH included as mentioned in #43703
- Schedule the module accordingly for the supported openSUSE and SLE products/versions
- Project changed from QA (public) to openQA Tests (public)
- Category set to New test
- Parent task deleted (
#45053)
- Parent task set to #44147
- Status changed from Workable to Blocked
- Assignee set to okurz
- Status changed from Blocked to Workable
- Assignee deleted (
okurz)
stupid me, #45053 is blocked by this one, causing a cycle :D
- Status changed from Workable to In Progress
- Assignee set to dheidler
It seems that a freshly installed tumbleweed is does allow password root login:
PermitRootLogin yes
As upstream has changed the default AFAIK this must have been our decision to patch this to the old behaviour.
Should we reject this ticket?
If a test module is already changing this then just make sure the situation is checked before the change, could very well be that pdostal already included this check in the sshd test module
I manually installed a TW on a physical machine and it had "PermitRootLogin yes" set.
So it looks like it is the distro's default.
Sounds bad, I suggest to crosscheck if this is intended, e.g. IRC or bug
- Status changed from In Progress to Rejected
So it looks as if it was intended.
Also available in: Atom
PDF