Differential D975

Disable pam_nologin for SSH connections
ClosedPublic
Actions

Authored by dereckson on Apr 28 2017, 09:42.

Tags

None

Referenced Files

	F26408556: D975.id2494.diff
	Wed, Apr 22, 16:13

	F26399526: D975.id2495.diff
	Wed, Apr 22, 14:19

	F26383378: D975.id2508.diff
	Wed, Apr 22, 11:00

	Unknown Object (File)
	Mon, Apr 20, 20:07

	Unknown Object (File)
	Mon, Apr 20, 17:14

	Unknown Object (File)
	Mon, Apr 20, 13:38

	Unknown Object (File)
	Mon, Apr 20, 12:12

	Unknown Object (File)
	Sat, Apr 18, 08:23

Subscribers

None

Details

Reviewers

Maniphest Tasks

T1194: Disable pam_nologin on Eglide

Commits

rOPS7277030d10a6: Disable pam_nologin for SSH connections

Summary

systemd likes to touch /run/nologin to prevent SSH connections
while not fully initialized, a behavior frowned upon as there
isn't any warranty the file will be removed on system failure.

Furthermore, restrict non root login isn't a solution on servers
where root access isn't possible through SSH.

Fixes T1194.

Test Plan

Running the state on Eglide, output was well the expected diff:

-account    required     pam_nologin.so                                                                                        
+#account    required     pam_nologin.so

Diff Detail

Repository

rOPS Nasqueron Operations

Lint

Lint Passed

Unit

No Test Coverage

Branch

T1194 (branched from master)

Build Status

Buildable 1520
Build 1768: arc lint + arc unit

Event Timeline

dereckson created this revision.Apr 28 2017, 09:42

Simplify section titles

Sandlayth accepted this revision.Apr 28 2017, 21:12

This revision is now accepted and ready to land.Apr 28 2017, 21:12

Closed by commit rOPS7277030d10a6: Disable pam_nologin for SSH connections (authored by dereckson, committed by dereckson). · Explain WhyApr 29 2017, 13:47

This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

Path

Size

roles/

core/

sshd/

19 lines

Diff 2495

roles/core/sshd/init.sls

Loading...