From e13a4cffae2239dad64207a158be6b8437d1a6ce Mon Sep 17 00:00:00 2001 From: Paul Belanger Date: Fri, 7 Apr 2017 19:27:26 -0400 Subject: [PATCH] Set PermitRootLogin for sshd_config As we move away from puppet, start managing sshd within DIB. Change-Id: I4335eaa7948428a04cd2b4e73bb7dcc024dd7c97 Signed-off-by: Paul Belanger --- .../post-install.d/89-sshd | 28 +++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100755 nodepool/elements/infra-package-needs/post-install.d/89-sshd diff --git a/nodepool/elements/infra-package-needs/post-install.d/89-sshd b/nodepool/elements/infra-package-needs/post-install.d/89-sshd new file mode 100755 index 0000000000..4e4c93b5ab --- /dev/null +++ b/nodepool/elements/infra-package-needs/post-install.d/89-sshd @@ -0,0 +1,28 @@ +#!/bin/bash +# Copyright (C) 2011-2013 OpenStack Foundation +# Copyright 2016 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or +# implied. +# +# See the License for the specific language governing permissions and +# limitations under the License. + +if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then + set -x +fi +set -eu +set -o pipefail + +# NOTE(pabelanger): Glean configures access for root user, so allow us to +# properly login. +sed -i -e'/PermitRootLogin/d' /etc/ssh/sshd_config \ + && echo "PermitRootLogin Yes" >> /etc/ssh/sshd_config