diff options
author | Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com> | 2019-08-30 18:33:35 +0300 |
---|---|---|
committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2019-09-14 03:24:05 +0300 |
commit | 61127a1c5b122fcbc6ac5603b0fe292ee0ca8a12 (patch) | |
tree | 44c3723490af0a5f06a5b259ae872725db8d20f9 /meta-phosphor/recipes-phosphor/console/obmc-console | |
parent | 5e84ab6bd501d67a17bdf5669c18365fa22216ec (diff) | |
download | openbmc-61127a1c5b122fcbc6ac5603b0fe292ee0ca8a12.tar.xz |
obmc-console: Allow SOL over SSH only for admin
Currently SOL over SSH is enabled for all the users.
Restricting the same to admin privilege user only (priv-admin)
for security reasons, without which any user will be
able to establish the connection
Tested:
1. Verified by establishing ssh -p 2200 on priv-admin user
and authentication works as expected
2. verified that non-admin users authentication fails as
expected
(From meta-phosphor rev: 9fe68f9906a99c38758ca9ddaa72432b17841af2)
Change-Id: I7cd4a1a0c6ac85c2df277006192ee2cf6616edd8
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Diffstat (limited to 'meta-phosphor/recipes-phosphor/console/obmc-console')
-rw-r--r-- | meta-phosphor/recipes-phosphor/console/obmc-console/obmc-console-ssh@.service | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/meta-phosphor/recipes-phosphor/console/obmc-console/obmc-console-ssh@.service b/meta-phosphor/recipes-phosphor/console/obmc-console/obmc-console-ssh@.service index 82ffe7919..abd863a4d 100644 --- a/meta-phosphor/recipes-phosphor/console/obmc-console/obmc-console-ssh@.service +++ b/meta-phosphor/recipes-phosphor/console/obmc-console/obmc-console-ssh@.service @@ -5,7 +5,7 @@ Wants=obmc-console@{OBMC_CONSOLE_HOST_TTY}.service [Service] Environment="DROPBEAR_RSAKEY_DIR=/etc/dropbear" EnvironmentFile={envfiledir}/dropbear -ExecStart=-/usr/bin/env dropbear -i -r ${{DROPBEAR_RSAKEY_DIR}}/dropbear_rsa_host_key -c "/usr/bin/env obmc-console-client" $DROPBEAR_EXTRA_ARGS +ExecStart=-/usr/bin/env dropbear -i -r ${{DROPBEAR_RSAKEY_DIR}}/dropbear_rsa_host_key -c "/usr/bin/env obmc-console-client" -G priv-admin $DROPBEAR_EXTRA_ARGS SyslogIdentifier=dropbear ExecReload={base_bindir}/kill -HUP $MAINPID StandardInput=socket |