action #125750
Updated by okurz 11 months ago
## Motivation openqaw5-xen requires login of root with password over ssh for openQA tests, see https://gitlab.suse.de/openqa/salt-pillars-openqa/-/blob/master/openqa/workerconf.sls#L138, hence we can not directly apply https://gitlab.suse.de/openqa/salt-states-openqa/-/blob/master/sshd/sshd_config#L44 ``` PermitRootLogin without-password ``` ## Acceptance criteria * **AC1:** openqaw5-xen can be controlled by salt while allowing root-ssh-password login * **AC2:** By default all machines in salt still prevent password authentication in salt ## Suggestions * *Optional:* We could temporarily change to allow password login over ssh * Find a way to allow individual machines root-ssh-password login * *Optional:* Adapt os-autoinst backend to support ssh key login * Ensure by default machines still apply `PermitRootLogin without-password` ## Rollback steps * Add openqaw5-xen back to salt and ensure a high state can be applied while still allowing password login for root on this machine