ssh: Allow ssh authentication only for admin priv

Restrict SSH authentication only for priv-admin users
instead of all privileged users, for security reasons.
This avoids low level privilege user in establishing
a SSH connection

Tested:
1. Verified ssh works fine for any priv-admin user
2. Blocked for all other non-admin users.

(From meta-phosphor rev: f15b0ea6b5a35edfec285aa7e734ff34739c4898)

Change-Id: I5659eb504ed76133cd1b4ade6511d419fb239419
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>

2 files changed, 4 insertions, 1 deletions

diff --git a/meta-phosphor/recipes-core/dropbear/dropbear/dropbear.default b/meta-phosphor/recipes-core/dropbear/dropbear/dropbear.default
new file mode 100644
index 000000000..b2f1ecc7d
--- /dev/null
+++ b/meta-phosphor/recipes-core/dropbear/dropbear/dropbear.default
@@ -0,0 +1 @@
+DROPBEAR_EXTRA_ARGS="-G priv-admin"
diff --git a/meta-phosphor/recipes-core/dropbear/dropbear_%.bbappend b/meta-phosphor/recipes-core/dropbear/dropbear_%.bbappend
index cab454af2..e3749acc9 100644
--- a/meta-phosphor/recipes-core/dropbear/dropbear_%.bbappend
+++ b/meta-phosphor/recipes-core/dropbear/dropbear_%.bbappend
@@ -3,4 +3,6 @@
 # to yocto 2.5 or later which will pull in the latest dropbear code.
 FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
 SRC_URI += "file://dropbearkey.service \
-            file://localoptions.h"
+            file://localoptions.h \
+            file://dropbear.default \
+           "