Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
Bug 620318 - root login possible during kickstart via ssh
root login possible during kickstart via ssh
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: anaconda (Show other bugs)
13
All Linux
low Severity medium
: ---
: ---
Assigned To: Ales Kozumplik
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2010-08-02 03:19 EDT by Ian Donaldson
Modified: 2014-09-30 19:39 EDT (History)
5 users (show)

See Also:
Fixed In Version: anaconda-14.8-1
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-08-03 04:14:04 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Ian Donaldson 2010-08-02 03:19:24 EDT
Description of problem:

Its possible to ssh into a box during kickstart, as root with no password
required.  This obviously means the box can be easily
compromised during build.


Version-Release number of selected component (if applicable):

anaconda-13.42-1.fc13.i686


How reproducible:

100%


Steps to Reproduce:
1. ssh -l root box
2.
3.
  
Actual results:

box# 


Expected results:

Login denied


This is the same bug as reported for RHEL6 in report 585160, but clearly
the fix needs porting to Fedora too.


Additional info:

What probably should happen is that the login be optionally allowed 
(for debugging kickstart; I find this useful today) but the password
supplied in hash-encrypted form from the pxelinux.cfg parameters, with
a default that allows no login.
Comment 1 Ian Donaldson 2010-08-02 03:26:12 EDT
Oh, just noticed this in 585160...

https://fedoraproject.org/wiki/Anaconda/Kickstart#sshpw

which addresses my suggestion already; just need the default fixed.
Comment 2 Chris Lumens 2010-08-02 09:27:13 EDT
I believe this is already fixed in rawhide, but I can't find the commit offhand to confirm.
Comment 3 Ales Kozumplik 2010-08-03 04:14:04 EDT
Yes,

this has been fixed on the master branch by those commits:
4075fce519f00093f8fba76d51881c4f53bdccbe (fixes the kickstart sshpw command)
eb1a56726289175d236d7366c035d7fe33925918 (makes the ssh parameter work as expected)
2d39422b083cb546e69f713752360915e0f55dd3 (only start ssh with 'sshd' on the command line instead of whenever a KS is specified)

Fedora 14 will have all of those included.
Comment 4 Andrew McNabb 2010-09-03 12:44:25 EDT
This isn't actually fixed in Fedora 13, and this is a HUGE security problem.  Now I'm wondering whether my Fedora 13 box may have been compromised during install.  There is absolutely no way to tell.

Note You need to log in before you can comment on or make changes to this bug.