Bug 600768
Summary: | sshd is running during kickstart install and there is no root password | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | François Cami <fdc> | ||||
Component: | anaconda | Assignee: | Anaconda Maintenance Team <anaconda-maint-list> | ||||
Status: | CLOSED RAWHIDE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
Severity: | high | Docs Contact: | |||||
Priority: | high | ||||||
Version: | 13 | CC: | bcl, drjohnson1, edgar.hoch, fdc, pspencer, security-response-team | ||||
Target Milestone: | --- | Keywords: | Security | ||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | 600765 | Environment: | |||||
Last Closed: | 2010-06-07 14:16:25 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
François Cami
2010-06-05 22:58:35 UTC
No need to CC me. I watch anaconda-maint-list. This is fixed in rawhide, but it's too late for F13. Is there a workaround during kickstart install to either stop (or don't start) sshd or ensure that a password (the one supplied by "rootpw" in the kickstart file) is required? It is a security risk to do installations with an open sshd. Is it possible to do this with an updates image? Thanks in advance! Pass sshd=0 on the kernel cmdline to disable sshd during the install. That does not work. And somebody should change the release FAQs, because there too it mistakenly says that you can pass sshd=0 on the kernel command line. That may work in rawhide or errata versions of anaconda, but not for the Fedora 13 release version. Passing sshd=0 on the kernel command line does NOT work, because it is interpreted as the string '0' not the integer 0, and as a result python evaluates it as true not false. What does work, though, is to pass sshd= on the kernel command line. This assigns the empty string to the sshd flag and then python treats it as false. I've updated https://fedoraproject.org/wiki/Common_F13_bugs Thanks. |