Opened 10 years ago
Closed 10 years ago
#59 closed (fixed)
foam.utah.geniracks.net allows password-based SSH
| Reported by: | chaos@bbn.com | Owned by: | somebody |
|---|---|---|---|
| Priority: | major | Milestone: | IG-ADM-2 |
| Component: | Administration | Version: | SPIRAL5 |
| Keywords: | Cc: | ||
| Dependencies: |
Description
I can login to foam.utah.geniracks.net using my password:
$ ssh -o PubkeyAuthentication=no foam.utah.geniracks.net chaos@foam.utah.geniracks.net's password: Welcome to Ubuntu 12.04 LTS (GNU/Linux 3.2.0-24-generic x86_64) * Documentation: https://help.ubuntu.com/ Last login: Mon Nov 12 10:36:18 2012 from capybara.bbn.com foam,[~],10:37(0)$
InstaGENI servers should disable SSH password access whenever possible, and it should be possible to do without loss of functionality in this case.
Change History (3)
comment:1 Changed 10 years ago by
comment:2 Changed 10 years ago by
Ah hah. I hadn't tested it before, so i didn't have a baseline.
In that case, i'll keep this open to verify against the BBN rack that ours has password auth disabled, then close it.
comment:3 Changed 10 years ago by
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
This looks good at BBN:
[13:29:07] jbs@anubis:/home/jbs +$ ssh -o PubkeyAuthentication=no foam.instageni.gpolab.bbn.com Permission denied (publickey).
It's still enabled at foam.utah.geniracks.net, but I think the general case works, so I'll close this one out.
Note: See
TracTickets for help on using
tickets.
This falls under the "sites can make their own changes" clause.. :-) I'm doing some testing right now where it's easiest if password auth is on, so it's enabled for the moment. The stock VMs do not have password auth enabled after firstboot.