From 61127a1c5b122fcbc6ac5603b0fe292ee0ca8a12 Mon Sep 17 00:00:00 2001 From: Richard Marian Thomaiyar Date: Fri, 30 Aug 2019 21:03:35 +0530 Subject: obmc-console: Allow SOL over SSH only for admin Currently SOL over SSH is enabled for all the users. Restricting the same to admin privilege user only (priv-admin) for security reasons, without which any user will be able to establish the connection Tested: 1. Verified by establishing ssh -p 2200 on priv-admin user and authentication works as expected 2. verified that non-admin users authentication fails as expected (From meta-phosphor rev: 9fe68f9906a99c38758ca9ddaa72432b17841af2) Change-Id: I7cd4a1a0c6ac85c2df277006192ee2cf6616edd8 Signed-off-by: Richard Marian Thomaiyar Signed-off-by: Brad Bishop --- .../recipes-phosphor/console/obmc-console/obmc-console-ssh@.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'meta-phosphor') diff --git a/meta-phosphor/recipes-phosphor/console/obmc-console/obmc-console-ssh@.service b/meta-phosphor/recipes-phosphor/console/obmc-console/obmc-console-ssh@.service index 82ffe7919..abd863a4d 100644 --- a/meta-phosphor/recipes-phosphor/console/obmc-console/obmc-console-ssh@.service +++ b/meta-phosphor/recipes-phosphor/console/obmc-console/obmc-console-ssh@.service @@ -5,7 +5,7 @@ Wants=obmc-console@{OBMC_CONSOLE_HOST_TTY}.service [Service] Environment="DROPBEAR_RSAKEY_DIR=/etc/dropbear" EnvironmentFile={envfiledir}/dropbear -ExecStart=-/usr/bin/env dropbear -i -r ${{DROPBEAR_RSAKEY_DIR}}/dropbear_rsa_host_key -c "/usr/bin/env obmc-console-client" $DROPBEAR_EXTRA_ARGS +ExecStart=-/usr/bin/env dropbear -i -r ${{DROPBEAR_RSAKEY_DIR}}/dropbear_rsa_host_key -c "/usr/bin/env obmc-console-client" -G priv-admin $DROPBEAR_EXTRA_ARGS SyslogIdentifier=dropbear ExecReload={base_bindir}/kill -HUP $MAINPID StandardInput=socket -- cgit v1.2.3