Project

General

Profile

action #93829

[qe-core] default config does not permit password-login for root over ssh

Added by dimstar almost 2 years ago. Updated 4 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Bugs in existing tests
Target version:
-
Start date:
2021-06-10
Due date:
% Done:

100%

Estimated time:
(Total: 16.00 h)
Difficulty:

Description

As a consequence to fixing https://bugzilla.opensuse.org/show_bug.cgi?id=1173067, openssh now no longer allows RootLogin using password auth on Tumbleweed (and thus also future SLE products inheriting the package from Factory)

We need to rework our tests to either:

  • ssh login as root, and become superuser as needed
  • reconfigure the ssh daemon to permit root login when really needed (e.g. scp cases)

To allow root to login using password, the simplest way is:

echo "PermitRootLogin yes" > /etc/ssh/sshd_config.d/root.conf && rcsshd restart

on the sshd host


Subtasks

action #93832: [Tumbleweed][security]tls_389ds_sssd_client: ssh login for root deniedResolvedrfan1

action #93835: [Tumbleweed][security]swtpm_verify: ssh login as root not permittedResolvedrfan1

action #93847: [qe-core]ovs_client: ssh login for root deniedResolved

action #93850: [security] wireguard: ssh login for root deniedResolvedpdostal


Related issues

Related to openQA Tests - action #93949: [Tumbleweed][s390x] test fails in reconnect_mgmt_console because passwords are forbiddenClosed2021-06-14

History

#1 Updated by dimstar almost 2 years ago

  • Related to action #93832: [Tumbleweed][security]tls_389ds_sssd_client: ssh login for root denied added

#2 Updated by dimstar almost 2 years ago

  • Related to action #93835: [Tumbleweed][security]swtpm_verify: ssh login as root not permitted added

#3 Updated by dimstar almost 2 years ago

  • Related to action #93847: [qe-core]ovs_client: ssh login for root denied added

#4 Updated by AdaLovelace almost 2 years ago

The test reconnect_mgmt_console is failing because of the same issue: https://progress.opensuse.org/issues/93949

#5 Updated by AdaLovelace almost 2 years ago

  • Related to action #93949: [Tumbleweed][s390x] test fails in reconnect_mgmt_console because passwords are forbidden added

#6 Updated by okurz over 1 year ago

  • Subject changed from default config does not permit password-login for root over ssh to [qe-core] default config does not permit password-login for root over ssh
  • Status changed from New to Blocked
  • Assignee set to szarate

#7 Updated by slo-gin 6 months ago

This ticket was set to Normal priority but was not updated within the SLO period. Please consider picking up this ticket or just set the ticket to the next lower priority.

#8 Updated by szarate 4 months ago

  • Status changed from Blocked to Resolved

Closing, thanks Dimstar for bringing it up :D https://suse.slack.com/archives/C02CANHLANP/p1669730215218819

Also available in: Atom PDF