Project

General

Profile

Actions

action #93829

closed

[qe-core] default config does not permit password-login for root over ssh

Added by dimstar over 2 years ago. Updated about 1 year ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Bugs in existing tests
Target version:
-
Start date:
2021-06-10
Due date:
% Done:

100%

Estimated time:
(Total: 16.00 h)
Difficulty:

Description

As a consequence to fixing https://bugzilla.opensuse.org/show_bug.cgi?id=1173067, openssh now no longer allows RootLogin using password auth on Tumbleweed (and thus also future SLE products inheriting the package from Factory)

We need to rework our tests to either:

  • ssh login as root, and become superuser as needed
  • reconfigure the ssh daemon to permit root login when really needed (e.g. scp cases)

To allow root to login using password, the simplest way is:

echo "PermitRootLogin yes" > /etc/ssh/sshd_config.d/root.conf && rcsshd restart

on the sshd host


Subtasks 4 (0 open4 closed)

action #93832: [Tumbleweed][security]tls_389ds_sssd_client: ssh login for root deniedResolvedrfan12021-06-10

Actions
action #93835: [Tumbleweed][security]swtpm_verify: ssh login as root not permittedResolvedrfan12021-06-10

Actions
action #93847: [qe-core]ovs_client: ssh login for root deniedResolved2021-06-10

Actions
action #93850: [security] wireguard: ssh login for root deniedResolvedpdostal2021-06-10

Actions

Related issues 1 (0 open1 closed)

Related to openQA Tests - action #93949: [Tumbleweed][s390x] test fails in reconnect_mgmt_console because passwords are forbiddenClosed2021-06-14

Actions
Actions #1

Updated by dimstar over 2 years ago

  • Related to action #93832: [Tumbleweed][security]tls_389ds_sssd_client: ssh login for root denied added
Actions #2

Updated by dimstar over 2 years ago

  • Related to action #93835: [Tumbleweed][security]swtpm_verify: ssh login as root not permitted added
Actions #3

Updated by dimstar over 2 years ago

  • Related to action #93847: [qe-core]ovs_client: ssh login for root denied added
Actions #4

Updated by AdaLovelace over 2 years ago

The test reconnect_mgmt_console is failing because of the same issue: https://progress.opensuse.org/issues/93949

Actions #5

Updated by AdaLovelace over 2 years ago

  • Related to action #93949: [Tumbleweed][s390x] test fails in reconnect_mgmt_console because passwords are forbidden added
Actions #6

Updated by okurz over 2 years ago

  • Subject changed from default config does not permit password-login for root over ssh to [qe-core] default config does not permit password-login for root over ssh
  • Status changed from New to Blocked
  • Assignee set to szarate
Actions #7

Updated by slo-gin over 1 year ago

This ticket was set to Normal priority but was not updated within the SLO period. Please consider picking up this ticket or just set the ticket to the next lower priority.

Actions #8

Updated by szarate about 1 year ago

  • Status changed from Blocked to Resolved

Closing, thanks Dimstar for bringing it up :D https://suse.slack.com/archives/C02CANHLANP/p1669730215218819

Actions

Also available in: Atom PDF