Differential D975

Disable pam_nologin for SSH connections
ClosedPublic
Actions

Authored by dereckson on Apr 28 2017, 09:42.

Tags

None

Referenced Files

	F33875675: D975.id2508.diff
	Mon, Jun 22, 09:02

	F33875478: D975.id2494.diff
	Mon, Jun 22, 09:00

	F33875438: D975.id2495.diff
	Mon, Jun 22, 09:00

	F33868867: D975.diff
	Mon, Jun 22, 07:20

	F33868848: D975.diff
	Mon, Jun 22, 07:19

	F33839654: D975.diff
	Sun, Jun 21, 23:22

	Unknown Object (File)
	Sat, Jun 20, 10:19

	Unknown Object (File)
	Sat, Jun 20, 08:46

Subscribers

None

Details

Reviewers

Maniphest Tasks

T1194: Disable pam_nologin on Eglide

Commits

rOPS7277030d10a6: Disable pam_nologin for SSH connections

Summary

systemd likes to touch /run/nologin to prevent SSH connections
while not fully initialized, a behavior frowned upon as there
isn't any warranty the file will be removed on system failure.

Furthermore, restrict non root login isn't a solution on servers
where root access isn't possible through SSH.

Fixes T1194.

Test Plan

Running the state on Eglide, output was well the expected diff:

-account    required     pam_nologin.so                                                                                        
+#account    required     pam_nologin.so

Diff Detail

Repository

rOPS Nasqueron Operations

Lint

Lint Passed

Unit

No Test Coverage

Branch

T1194 (branched from master)

Build Status

Buildable 1520
Build 1768: arc lint + arc unit

Event Timeline

dereckson created this revision.Apr 28 2017, 09:42

Simplify section titles

Sandlayth accepted this revision.Apr 28 2017, 21:12

This revision is now accepted and ready to land.Apr 28 2017, 21:12

Closed by commit rOPS7277030d10a6: Disable pam_nologin for SSH connections (authored by dereckson, committed by dereckson). · Explain WhyApr 29 2017, 13:47

This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

Path

Size

roles/

core/

sshd/

19 lines

Diff 2495

roles/core/sshd/init.sls

Loading...