Document SSH key and password authentication #80
Conversation
|
This looks great! Any chance you could throw in an example of how to create a hashed password and an FCC that uses it? I know when I come to look at this documentation those two pieces of info (along with the SSH password auth enablement bit) are going to be exactly what I'm looking for to try to reproduce a problem and having them together is going to make my life way easier. |
| inline: | | ||
| # Fedora CoreOS disables SSH password login by default. | ||
| # Enable it. | ||
| # This file must sort before 04-disable-passwords.conf. |
There was a problem hiding this comment.
I wonder if since SSHD uses a "first one wins" strategy for config merging we should make the files we write easier to override by putting them at a higher number. i.e., 80-disable-passwords.conf
There was a problem hiding this comment.
We can't. The Fedora package ships an 05-redhat.conf that includes PasswordAuthentication yes.
There was a problem hiding this comment.
ahh - grr. I guess my same question would apply to the rpm maintainers. Started a discussion there: https://src.fedoraproject.org/rpms/openssh/pull-request/9
bgilbert
changed the title
|
Updated! |
|
This is ready for merge, but I'm converting to draft so no one merges yet as recommended in #80 (comment) |
|
Should we link to this new documentation from the "By default, FCOS does not allow password logins via SSH. We recommend configuring SSH keys instead." in https://docs.fedoraproject.org/en-US/fedora-coreos/migrate-cl/#_configuration_changes ? |
|
Done! |
|
Hold for sshd packaging changes. |
|
Added a separate commit to renumber the |
IIUC if someone implements |
|
OK, moved that part to #85. |
Hold until Fedora 32 reaches FCOS stable.
Fixes coreos/fedora-coreos-tracker#138.