Project

General

Profile

action #125750

Updated by okurz 11 months ago

## Motivation 
 openqaw5-xen requires login of root with password over ssh for openQA tests, see https://gitlab.suse.de/openqa/salt-pillars-openqa/-/blob/master/openqa/workerconf.sls#L138, hence we can not directly apply https://gitlab.suse.de/openqa/salt-states-openqa/-/blob/master/sshd/sshd_config#L44 

 ``` 
 PermitRootLogin without-password 
 ``` 

 ## Acceptance criteria 
 * **AC1:** openqaw5-xen can be controlled by salt while allowing root-ssh-password login 
 * **AC2:** By default all machines in salt still prevent password authentication in salt 

 ## Suggestions 
 * *Optional:* We could temporarily change to allow password login over ssh 
 * Find a way to allow individual machines root-ssh-password login 
 * *Optional:* Adapt os-autoinst backend to support ssh key login 
 * Ensure by default machines still apply `PermitRootLogin without-password` 

 ## Rollback steps 
 * Add openqaw5-xen back to salt and ensure a high state can be applied while still allowing password login for root on this machine

Back