Re: Overriding openssh sshd_config file in custom recipe

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Joshua Watt <jpewhacker@gmail.com>
To: Andreas Enbacka <andreas.enbacka@gasera.fi>, yocto@yoctoproject.org
Subject: Re: Overriding openssh sshd_config file in custom recipe
Date: Fri, 20 Oct 2017 08:03:56 -0500	[thread overview]
Message-ID: <1508504636.2542.5.camel@gmail.com> (raw)
In-Reply-To: <015601d3499e$719866f0$54c934d0$@gasera.fi>

On Fri, 2017-10-20 at 15:24 +0300, Andreas Enbacka wrote:
> Hello,
>  
> I am trying to create a .bbappend file to customize the default
> sshd_config file as part of the default openssh package in Yocto
> Fido. In the custom file I attempt to disable root login access by
> setting the PermitRootLogin to No. However, after building and
> installing the image on the custom SMARC board, the content of the
> sshd_config file still enables login (PermitRootLogin Yes). I have
> checked the content of the installed rootfs before deploying to the
> board, and the content of the sshd_config file is correct (disables
> root login). What could be the cause of this? Is some other process
> modifying the content of the config file?

If "debug-tweaks" is in IMAGE_FEATURES, it will always allow root login
 with an empty password as a post processing step in the filesystem
image generation. See ssh_allow_empty_password in meta/classes/rootfs-
postcommands.bbclass

>  
> Best regards,
> Andreas Enbacka
>

     prev parent reply	other threads:[~2017-10-20 13:03 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-10-20 12:24 Overriding openssh sshd_config file in custom recipe Andreas Enbacka
2017-10-20 13:03 ` Joshua Watt [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1508504636.2542.5.camel@gmail.com \
    --to=jpewhacker@gmail.com \
    --cc=andreas.enbacka@gasera.fi \
    --cc=yocto@yoctoproject.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.