Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ncm-ssh: add option prohibit-password to PermitRootLogin parameter #1604

Merged
merged 2 commits into from
Jul 24, 2023
Merged

ncm-ssh: add option prohibit-password to PermitRootLogin parameter #1604

merged 2 commits into from
Jul 24, 2023

Conversation

jouvin
Copy link
Contributor

@jouvin jouvin commented Jul 14, 2023

Fixes #1603

@jouvin jouvin requested review from jrha and stdweird July 14, 2023 07:41
ned21
ned21 previously approved these changes Jul 14, 2023
View reviewed changes
Copy link
Contributor

@ned21 ned21 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It would be good to switch this from a string to a choice type.

@stdweird
Copy link
Member

fyi @jouvin @ned21 we have switched to #1452 completely

@jouvin
Copy link
Contributor Author

jouvin commented Jul 14, 2023

@stdweird I missed that... It would be good to mark it as deprecated in some way (may be I missed it).... I'll update our configs then.

@ned21
Copy link
Contributor

ned21 commented Jul 15, 2023

Having a separate component has some advantages. In our setup we use filecopy to deliver some .tt files as it takes too long to deploy an rpm, and that means metaconfig depends on filecopy. In some cases we've seen some config have filecopy declare a dependency on a third component and if either filecopy or that 3rd component has any errors, then metaconfig doesn't run and you end up with a machine without sshd, making troubleshooting tedious. The main risk comes from metaconfig having a pre-dep, so if you have a policy to prohibit that then it's probably OK.

@jrha jrha added this to the 23.6 milestone Jul 20, 2023
jrha
jrha previously approved these changes Jul 21, 2023
View reviewed changes
ncm-ssh/src/main/pan/components/ssh/schema.pan Outdated Show resolved Hide resolved
@jouvin jouvin dismissed stale reviews from jrha and ned21 via 2a31d41 July 21, 2023 17:50
@jouvin jouvin force-pushed the ssh_add_prohibit-password branch from 2a31d41 to ff73fe8 Compare July 21, 2023 17:53
@jouvin
Copy link
Contributor Author

jouvin commented Jul 21, 2023

Thanks @jrha for the excellent suggestion, added to the PR

@jouvin @jrha
ncm-ssh: add option prohibit-password to PermitRootLogin parameter
77a5bae 
- Mark  `without-password` deprecated

Fixes quattor#1603

Co-authored-by: James Adams <james@bluezen.co.uk>
@jouvin jouvin force-pushed the ssh_add_prohibit-password branch from ff73fe8 to 77a5bae Compare July 21, 2023 18:04
@jouvin
Copy link
Contributor Author

jouvin commented Jul 21, 2023

I had to remove the last comma in the choice to make panc happy! With the comma, there is syntax error (panc 10.7):

[panc-check-syntax] Encountered: )
[panc-check-syntax] Was expecting one of:
[panc-check-syntax]     <HEREDOC_STRING> ...
[panc-check-syntax]     <SINGLE_QUOTED_STRING> ...
[panc-check-syntax]     <DOUBLE_QUOTED_STRING> ...

@jouvin @jrha
Remove trailing spaces
820f248 
Co-authored-by: James Adams <james@bluezen.co.uk>
@jouvin
Copy link
Contributor Author

jouvin commented Jul 24, 2023

@jrha sorry for missing the trailing whitespaces... I accepted your change. I'm lewfor one month of holidays with limited connectivity and no computer! So feel free to fix problems!

@jrha
Copy link
Member

jrha commented Jul 24, 2023

@jouvin no problem, thanks for the fix! Enjoy your holiday!

@jrha jrha merged commit 2a30d5f into quattor:master Jul 24, 2023
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jrha jrha jrha left review comments

@ned21 ned21 ned21 left review comments

@stdweird stdweird Awaiting requested review from stdweird

Assignees
No one assigned
Labels
None yet
Milestone
23.6
Development

Successfully merging this pull request may close these issues.

ncm-ssh 21.12.1: prohibit-password value not supported for PermitRootLogin
4 participants
@jouvin @stdweird @ned21 @jrha