
nuageinit: implement ssh_pwauth
Closed, Public

Authored by bapt on Thu, Apr 17, 4:06 PM.

Details

Summary

ssh_pwauth sets the value in sshd_config for the password authentication.
This implementation tries to avoid touching the file if cloudinit
requests what is already the default value.

Sponsored by: OVHCloud

Diff Detail

Repository: rG FreeBSD src repository
Lint: Lint Not Applicable
Unit: Tests Not Applicable

Event Timeline

bapt requested review of this revision. Thu, Apr 17, 4:06 PM

Looks fine to me. I'll tag @kevans for Lua review.

libexec/nuageinit/tests/nuageinit.sh
497
510
bapt edited the summary of this revision.
bapt marked 2 inline comments as done. Wed, Apr 23, 7:15 AM

Pedantically, to be on the same page in sshd_config(5):

  1. The first configured value is the one that counts.
  2. Some OSs (macOS)/Linux distros (Debian-based) just add Include /etc/ssh/sshd_config.d/* at the very top of the configuration file, so cloudinit should just create a new file under this directory with the desired settings, and call it a day. I only mention this option, as it is becoming popular (in case anyone has friends in openssh-portable ;-).
  3. I would have rather/also liked to see something like:
     # ssh_pwauth: true
     printf "#PasswordAuthentication no # Should be ignored\n" > etc/ssh/sshd_config
     printf "PasswordAuthentication no # Should change\n" >> etc/ssh/sshd_config
     atf_check -o empty -e empty /usr/libexec/nuageinit "${PWD}"/media/nuageinit nocloud
     atf_check -o match:"^#PasswordAuthentication no # Should be ignored$" \
         -o match:"^PasswordAuthentication yes$" cat etc/ssh/sshd_config

Regardless, the implementation seems correct.

libexec/nuageinit/nuage.lua
138

Tangentially, to silence luacheck, remove local, as f was already defined on line 92.

This revision is now accepted and ready to land. Wed, Apr 23, 2:23 PM
This revision was automatically updated to reflect the committed changes.
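
The behaviour discussed in this review, as an added shell example that is not nuageinit's Lua code or the committed test: it applies a requested ssh_pwauth value to an sshd_config, honouring first-value-wins, ignoring commented lines, and leaving the file untouched when the value is already in effect. The function names and the built-in default of `no` (third argument) are assumptions made for the example.

```sh
#!/bin/sh
# Added example (not nuageinit's code): idempotent PasswordAuthentication update.
# Limitation: handles the whitespace-separated "Keyword value" form only.

# Print the effective global value: the first uncommented directive that
# appears before any Match block. Prints nothing when no such line exists.
effective_pwauth() {
    awk '
        tolower($1) == "match" { exit }
        tolower($1) == "passwordauthentication" { print $2; exit }
    ' "$1"
}

# set_pwauth FILE yes|no [DEFAULT]
# DEFAULT (assumed "no" here) is what sshd uses when nothing is configured.
set_pwauth() {
    file=$1 want=$2 default=${3:-no}
    current=$(effective_pwauth "$file")
    # Already in effect (explicitly or by default): leave the file untouched.
    [ "${current:-$default}" = "$want" ] && return 0

    tmp=$(mktemp "${file}.XXXXXX") || return 1
    cp -p "$file" "$tmp" || { rm -f "$tmp"; return 1; }  # keep mode/owner
    awk -v want="$want" '
        # No global directive before the first Match block: insert one there,
        # so the setting is not scoped to that Match block.
        !placed && tolower($1) == "match" {
            print "PasswordAuthentication " want; placed = 1
        }
        # Rewrite the first active directive; commented lines never match
        # because their first field starts with "#".
        !placed && tolower($1) == "passwordauthentication" {
            print "PasswordAuthentication " want; placed = 1; next
        }
        { print }
        END { if (!placed) print "PasswordAuthentication " want }
    ' "$file" > "$tmp" && mv -f "$tmp" "$file"
}
```

Later duplicate directives are left in place, since only the first global occurrence is effective.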