Disable password auth on dib images

Glean only configures key based authentication credentials. There is no
reason to allow password auth so disable it. This shouldn't be necessary
as no accounts allow password auth in /etc/shadow anyway but this gives
us security in layers like onions and ogres.

Change-Id: Ie17aa901eb3fe7387707a236287a3e880990eeb2
This commit is contained in:
Clark Boylan 2018-08-13 09:08:18 -07:00
parent 885d534fa4
commit 5d81e77e8c
1 changed files with 5 additions and 0 deletions

View File

@ -26,3 +26,8 @@ set -o pipefail
# properly login.
sed -i -e'/PermitRootLogin/d' /etc/ssh/sshd_config \
&& echo "PermitRootLogin Yes" >> /etc/ssh/sshd_config
# NOTE(clarkb): Glean configures ssh keys only and not passwords. Disable
# unnecessary password auth.
sed -i -e '/PasswordAuthentication/d' /etc/ssh/sshd_config \
&& echo "PasswordAuthentication No" >> /etc/ssh/sshd_config