Description of problem: Currently, the Azure appliance allows users to login with root/smartvm credentials unless password authentication is explicitly disabled at the time of VM creation. The root account should be disabled and only allow login with ssh key by default. Version-Release number of selected component (if applicable): cfme-azure-5.6.0.7-1.x86_64.vhd Actual results: Expected results: Additional info:
https://github.com/ManageIQ/manageiq-appliance-build/pull/134
https://github.com/ManageIQ/manageiq-appliance-build/pull/134 has been merged and backported to Darga.
New commit detected on ManageIQ/manageiq-appliance-build/master: https://github.com/ManageIQ/manageiq-appliance-build/commit/b7176c51aa415fe1973c1fcc125de08593a1aacf commit b7176c51aa415fe1973c1fcc125de08593a1aacf Author: Satoe Imaishi <simaishi> AuthorDate: Tue May 24 18:10:01 2016 -0400 Commit: Satoe Imaishi <simaishi> CommitDate: Thu May 26 18:09:28 2016 -0400 Disable password authentication and lock root account for Azure https://bugzilla.redhat.com/show_bug.cgi?id=1339677 kickstarts/partials/post/azure.ks.erb | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-)
jteehan@localhost openvpn]$ ssh root.119.41 The authenticity of host '23.96.119.41 (23.96.119.41)' can't be established. ECDSA key fingerprint is SHA256:hr8fiYCkRign6oXbTFqMalEsmQJniJoD+efM20Zaa5s. ECDSA key fingerprint is MD5:9a:50:a2:a0:f6:7e:5f:5e:7e:27:b6:14:48:e4:fc:19. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '23.96.119.41' (ECDSA) to the list of known hosts. Permission denied (publickey,gssapi-keyex,gssapi-with-mic). [jteehan@localhost openvpn]$ Moving to Verified for 5.6.0.10
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2016:1348