diff options
author | Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com> | 2019-09-23 20:00:10 +0300 |
---|---|---|
committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2019-09-25 03:03:03 +0300 |
commit | 19e81d3f3b731681a57bb5ef9681d33cc291bde8 (patch) | |
tree | c4c44b811417fec2cab981d820101e0a62d8fe14 /meta-phosphor/recipes-core | |
parent | 60301251ca16e8886300e599cbdc11e7cd6acfa4 (diff) | |
download | openbmc-19e81d3f3b731681a57bb5ef9681d33cc291bde8.tar.xz |
ssh: Allow ssh authentication only for admin priv
Restrict SSH authentication only for priv-admin users
instead of all privileged users, for security reasons.
This avoids low level privilege user in establishing
a SSH connection
Tested:
1. Verified ssh works fine for any priv-admin user
2. Blocked for all other non-admin users.
(From meta-phosphor rev: f15b0ea6b5a35edfec285aa7e734ff34739c4898)
Change-Id: I5659eb504ed76133cd1b4ade6511d419fb239419
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Diffstat (limited to 'meta-phosphor/recipes-core')
-rw-r--r-- | meta-phosphor/recipes-core/dropbear/dropbear/dropbear.default | 1 | ||||
-rw-r--r-- | meta-phosphor/recipes-core/dropbear/dropbear_%.bbappend | 4 |
2 files changed, 4 insertions, 1 deletions
diff --git a/meta-phosphor/recipes-core/dropbear/dropbear/dropbear.default b/meta-phosphor/recipes-core/dropbear/dropbear/dropbear.default new file mode 100644 index 0000000000..b2f1ecc7d7 --- /dev/null +++ b/meta-phosphor/recipes-core/dropbear/dropbear/dropbear.default @@ -0,0 +1 @@ +DROPBEAR_EXTRA_ARGS="-G priv-admin" diff --git a/meta-phosphor/recipes-core/dropbear/dropbear_%.bbappend b/meta-phosphor/recipes-core/dropbear/dropbear_%.bbappend index cab454af28..e3749acc97 100644 --- a/meta-phosphor/recipes-core/dropbear/dropbear_%.bbappend +++ b/meta-phosphor/recipes-core/dropbear/dropbear_%.bbappend @@ -3,4 +3,6 @@ # to yocto 2.5 or later which will pull in the latest dropbear code. FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" SRC_URI += "file://dropbearkey.service \ - file://localoptions.h" + file://localoptions.h \ + file://dropbear.default \ + " |