Opened 7 years ago

Closed 7 years ago

#59 closed (fixed)

foam.utah.geniracks.net allows password-based SSH

Reported by: chaos@bbn.com Owned by: somebody
Priority: major Milestone: IG-ADM-2
Component: Administration Version: SPIRAL5
Keywords: Cc:
Dependencies:

Description

I can login to foam.utah.geniracks.net using my password:

$ ssh -o PubkeyAuthentication=no foam.utah.geniracks.net
chaos@foam.utah.geniracks.net's password: 
Welcome to Ubuntu 12.04 LTS (GNU/Linux 3.2.0-24-generic x86_64)

 * Documentation:  https://help.ubuntu.com/
Last login: Mon Nov 12 10:36:18 2012 from capybara.bbn.com
foam,[~],10:37(0)$ 

InstaGENI servers should disable SSH password access whenever possible, and it should be possible to do without loss of functionality in this case.

Change History (3)

comment:1 Changed 7 years ago by nick.bastin@gmail.com

This falls under the "sites can make their own changes" clause.. :-) I'm doing some testing right now where it's easiest if password auth is on, so it's enabled for the moment. The stock VMs do not have password auth enabled after firstboot.

comment:2 Changed 7 years ago by chaos@bbn.com

Ah hah. I hadn't tested it before, so i didn't have a baseline.

In that case, i'll keep this open to verify against the BBN rack that ours has password auth disabled, then close it.

comment:3 Changed 7 years ago by jbs@bbn.com

Resolution: fixed
Status: newclosed

This looks good at BBN:

[13:29:07] jbs@anubis:/home/jbs
+$ ssh -o PubkeyAuthentication=no foam.instageni.gpolab.bbn.com 
Permission denied (publickey).

It's still enabled at foam.utah.geniracks.net, but I think the general case works, so I'll close this one out.

Note: See TracTickets for help on using tickets.