From 19e81d3f3b731681a57bb5ef9681d33cc291bde8 Mon Sep 17 00:00:00 2001
From: Richard Marian Thomaiyar
Date: Mon, 23 Sep 2019 22:30:10 +0530
Subject: ssh: Allow ssh authentication only for admin priv

Restrict SSH authentication only for priv-admin users instead of all privileged users, for security reasons. This avoids low level privilege user in establishing a SSH connection Tested: 1. Verified ssh works fine for any priv-admin user 2. Blocked for all other non-admin users.
(From meta-phosphor rev: f15b0ea6b5a35edfec285aa7e734ff34739c4898)
Change-Id: I5659eb504ed76133cd1b4ade6511d419fb239419
Signed-off-by: Richard Marian Thomaiyar
Signed-off-by: Brad Bishop
---
 meta-phosphor/recipes-core/dropbear/dropbear/dropbear.default | 1 +
 meta-phosphor/recipes-core/dropbear/dropbear_%.bbappend | 4 +++-
 2 files changed, 4 insertions(+), 1 deletion(-)
 create mode 100644 meta-phosphor/recipes-core/dropbear/dropbear/dropbear.default
(limited to 'meta-phosphor/recipes-core/dropbear')
diff --git a/meta-phosphor/recipes-core/dropbear/dropbear/dropbear.default b/meta-phosphor/recipes-core/dropbear/dropbear/dropbear.default
new file mode 100644
index 0000000000..b2f1ecc7d7
--- /dev/null
+++ b/meta-phosphor/recipes-core/dropbear/dropbear/dropbear.default
@@ -0,0 +1 @@
+DROPBEAR_EXTRA_ARGS="-G priv-admin"
diff --git a/meta-phosphor/recipes-core/dropbear/dropbear_%.bbappend b/meta-phosphor/recipes-core/dropbear/dropbear_%.bbappend
index cab454af28..e3749acc97 100644
--- a/meta-phosphor/recipes-core/dropbear/dropbear_%.bbappend
+++ b/meta-phosphor/recipes-core/dropbear/dropbear_%.bbappend
@@ -3,4 +3,6 @@
 # to yocto 2.5 or later which will pull in the latest dropbear code.
 FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
 SRC_URI += "file://dropbearkey.service \
- file://localoptions.h"
+ file://localoptions.h \
+ file://dropbear.default \
+ "
-- 
cgit v1.2.3
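Review bot: The new `dropbear.default` carries the whole SSH access restriction in a single uncommented line, so a later edit that adds or replaces arguments in `DROPBEAR_EXTRA_ARGS` can drop it unnoticed. I would put a comment above the assignment, e.g. `# -G priv-admin: only members of group priv-admin may log in over SSH; keep this when adding arguments`. The restriction also holds only if the packaged dropbear accepts `-G` and the service actually passes `DROPBEAR_EXTRA_ARGS` to the daemon, neither of which is visible in this patch. An automated image test that a non-admin account is refused would cover that better than the manual check in the description.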
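Review bot: Adding `file://dropbear.default` to `SRC_URI` only fetches the file; nothing in this hunk installs it, so the admin-only restriction depends on the base dropbear recipe copying it to the defaults path the service reads. That is presumably what happens, but if the base recipe stops installing it the image still builds cleanly and the `-G priv-admin` limit silently disappears. A comment next to the entry would record the dependency, e.g. `# dropbear.default replaces the base recipe's defaults file to pass -G priv-admin (admin-only SSH)`. The bbappend begins above the hunk, so an install step elsewhere in the file cannot be ruled out from here.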