The proposed Fedora 31 change [1] is changing the default SSH configuration to not allow remote root ssh logins using passwords anymore. This will probably require few modifications to the user creation policies in Anaconda to prevent installation of inaccessible systems. One of the solutions for this might be possibility to import public keys from different providers (github/gitlab) during installation (#1466) or some other way to import public keys, if the root logins are needed. I am not sure whether some other policies will need to be changed, but let me know whether you will have some questions here or on the fedora-devel [2]. [1] https://fedoraproject.org/wiki/Changes/DisableRootPasswordLoginInSshd [2] https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/OWEUJANOUFL4CYV3GJVZZQJOUA4QFPKZ/
Martin, can you (or somebody else from Anaconda) clarify what needs to be done for this change to be acceptable from anaconda PoV? From the discussion in fesco issue [1] I understood that the MVP is to have some checkbox that would allow ssh root logins and that would create drop-in service file somehow along these lines: [jjelen@t470s ~]$ cat /etc/systemd/system/sshd.service.d/anaconda.conf [Service] Environment=OPTIONS="-oPermitRootLogin=yes" This will indeed require slight change in the UI/TUI and installer logic, but it should not be too complicated. You also started discussion in the bug #1716551, where you already described what needs to be done. I do not see that bug as a requirement for this change to happen, but as something nice-to-have, which can happen later, but for now, the important thing is to agree on the scope so the change can be discussed in Fesco meeting. [1] https://pagure.io/fesco/issue/2133
(In reply to Jakub Jelen from comment #1) > Martin, can you (or somebody else from Anaconda) clarify what needs to be > done for this change to be acceptable from anaconda PoV? > > From the discussion in fesco issue [1] I understood that the MVP is to have > some checkbox that would allow ssh root logins and that would create drop-in > service file somehow along these lines: > > [jjelen@t470s ~]$ cat /etc/systemd/system/sshd.service.d/anaconda.conf > [Service] > Environment=OPTIONS="-oPermitRootLogin=yes" > > This will indeed require slight change in the UI/TUI and installer logic, > but it should not be too complicated. I plan to start on this soon, so we have it in place well before branching. > > You also started discussion in the bug #1716551, where you already described > what needs to be done. I do not see that bug as a requirement for this > change to happen, but as something nice-to-have, which can happen later, but > for now, the important thing is to agree on the scope so the change can be > discussed in Fesco meeting. Indeed, this is potentially a nice addition, but the override checkbox is what I see as the only must-have at the moment. > > [1] https://pagure.io/fesco/issue/2133
Thank you for the update. I will update the fesco ticket so they have something to base their discussions upon. If I understand it right, this does not affect Workstation installation, since its user creation is handled by the Gnome Initial setup after installation and the sshd is not allowed/installed in this product. Here we are going to focus on the Server installation. Checking the docs [1], there is also the inst.sshd, which allows to set up sshd server during installation and allowing the root logins for monitoring. I think this one will need also some modifications. I am actually not sure how is it used, but it should be taken care of too. [1] https://anaconda-installer.readthedocs.io/en/latest/boot-options.html#inst-sshd
I'd like to express some reservation about the idea of just adding a checkbox to Anaconda - a checkbox makes the user needs to think about "is this something I need or not" - but we're actually adding a checkbox that we think *nobody* should ever check, so that people don't complain that it's missing. The use cases I can think of: * Workstation install - best not to create any users, and let gnome-initial-setup handle creating an admin user. * Workstation install for alternate edition/spin without gnome-initial-setup - just create an admin user * Server install with an admin user - just create an admin user * Server install without an admin user, that is being installed through the Anaconda interactively. Only the last would ever require the checkbox, but it would be clearly better in that case to set a public ssh key (as in the initial comment here) - I think for the rarity of this use case, expecting the public key to be on a web url is reasonable. On the other hand, the last case is *also* the only case where you should set a root password, so it's possible that adding a checkbox to the "set a root password" screen doesn't make things more confusing. Is that where the checkbox would be added?
Thank you for the comment. I would like to advocate here one more use case, when the checking this checkbox might make sense. This is a local throw-away testing VMs, where the security is not a problem and the users just need to connect there and having a root account is the simplest thing to achieve that. Hopefully we will be able to implement also the ssh keys import, teach people to use it and then we can remove the checkbox some time later, but until then, this sounds like the least-intrusive thing we can do for users and for anaconda.
PR: https://github.com/rhinstaller/anaconda/pull/2037
Fixed in a pull request: https://github.com/rhinstaller/anaconda/pull/2042
This bug appears to have been reported against 'rawhide' during the Fedora 31 development cycle. Changing version to '31'.
This bug appears to have been reported against 'rawhide' during the Fedora 31 development cycle. Changing version to 31.
Should we close this bug as it is fixed in Fedora 31 already?