Disable password auth on dib images
Glean only configures key based authentication credentials. There is no reason to allow password auth so disable it. This shouldn't be necessary as no accounts allow password auth in /etc/shadow anyway but this gives us security in layers like onions and ogres. Change-Id: Ie17aa901eb3fe7387707a236287a3e880990eeb2
This commit is contained in:
parent
885d534fa4
commit
5d81e77e8c
|
@ -26,3 +26,8 @@ set -o pipefail
|
|||
# properly login.
|
||||
sed -i -e'/PermitRootLogin/d' /etc/ssh/sshd_config \
|
||||
&& echo "PermitRootLogin Yes" >> /etc/ssh/sshd_config
|
||||
|
||||
# NOTE(clarkb): Glean configures ssh keys only and not passwords. Disable
|
||||
# unnecessary password auth.
|
||||
sed -i -e '/PasswordAuthentication/d' /etc/ssh/sshd_config \
|
||||
&& echo "PasswordAuthentication No" >> /etc/ssh/sshd_config
|
||||
|
|
Loading…
Reference in New Issue