Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-1825

Add support for `lock root account` and `allow root ssh login with password`

    • Normal
    • sst_security_compliance
    • ssg_security
    • None
    • False
    • Hide


    • No
    • None
    • None
    • None
    • Release Note Not Required
    • None

      Description of problem:
      Anaconda added option to "Allow root SSH login with password" into GUI to circumvent default change in the SSH. As the `scap-security-guide` profiles in many cases require `PermitRootLogin no`, we are directly countering this option. Given the paradigm that whatever is configured by Anaconda is integrated as a special Anaconda-based check, we need it as well.

      Version-Release number of selected component (if applicable):

      How reproducible:

      Steps to Reproduce:
      1. begin GUI installation of RHEL9
      2. select OSPP profile
      3. create root password, tick "allow root ssh login with password"
      4. start installation
      5. finish installation

      Actual results:
      no issue is encountered, /etc/ssh/sshd_config contains line
      PermitRootLogin no

      Expected results:
      Installation won't start, as there's conflict of requirements

      Additional info:
      Anaconda team plans to add kickstart support via Bug 2033849 into 9.1

            ekolesni Evgeny Kolesnikov
            mhaicman@redhat.com Marek Haicman
            Matej Tyc Matej Tyc
            Release Test Team Release Test Team
            0 Vote for this issue
            5 Start watching this issue