particle-os/debian-forge-composer
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

distro/rhel86: disable pw auth for EC2 images

Browse source 
Disable loging in via password authentication since this is an
official Amazon marketplace requirement

  Linux-based AMIs must not allow SSH password authentication.
  Disable password authentication via your sshd_config file by
  setting PasswordAuthentication to NO.

  Section "Security policies" from
  https://docs.aws.amazon.com/marketplace/latest/userguide/product-and-ami-policies.html
This commit is contained in:
Christian Kellner 2022-01-28 16:10:42 +00:00 committed by Tomáš Hozza
parent 8aede24057
commit 90cebf0337
10 changed files with 73 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

8
test/data/manifests/centos_8-aarch64-ami-boot.json
View file

@ -1031,6 +1031,14 @@
"profile": "sssd"
}
},
{
"type": "org.osbuild.sshd.config",
"options": {
"config": {
"PasswordAuthentication": false
}
}
},
{
"type": "org.osbuild.fstab",
"options": {

8
test/data/manifests/centos_8-x86_64-ami-boot.json
View file

@ -1015,6 +1015,14 @@
"profile": "sssd"
}
},
{
"type": "org.osbuild.sshd.config",
"options": {
"config": {
"PasswordAuthentication": false
}
}
},
{
"type": "org.osbuild.fstab",
"options": {

8
test/data/manifests/rhel_86-aarch64-ami-boot.json
View file

@ -1058,6 +1058,14 @@
"profile": "sssd"
}
},
{
"type": "org.osbuild.sshd.config",
"options": {
"config": {
"PasswordAuthentication": false
}
}
},
{
"type": "org.osbuild.fstab",
"options": {

8
test/data/manifests/rhel_86-aarch64-ec2-boot.json
View file

@ -1072,6 +1072,14 @@
"profile": "sssd"
}
},
{
"type": "org.osbuild.sshd.config",
"options": {
"config": {
"PasswordAuthentication": false
}
}
},
{
"type": "org.osbuild.fstab",
"options": {

8
test/data/manifests/rhel_86-x86_64-ami-boot.json
View file

@ -1045,6 +1045,14 @@
"profile": "sssd"
}
},
{
"type": "org.osbuild.sshd.config",
"options": {
"config": {
"PasswordAuthentication": false
}
}
},
{
"type": "org.osbuild.fstab",
"options": {

8
test/data/manifests/rhel_86-x86_64-ec2-boot.json
View file

@ -1061,6 +1061,14 @@
"profile": "sssd"
}
},
{
"type": "org.osbuild.sshd.config",
"options": {
"config": {
"PasswordAuthentication": false
}
}
},
{
"type": "org.osbuild.fstab",
"options": {

8
test/data/manifests/rhel_86-x86_64-ec2_ha-boot.json
View file

@ -1248,6 +1248,14 @@
"profile": "sssd"
}
},
{
"type": "org.osbuild.sshd.config",
"options": {
"config": {
"PasswordAuthentication": false
}
}
},
{
"type": "org.osbuild.fstab",
"options": {

8
test/data/manifests/rhel_86-x86_64-ec2_sap-boot.json
View file

@ -1416,6 +1416,14 @@
]
}
},
{
"type": "org.osbuild.sshd.config",
"options": {
"config": {
"PasswordAuthentication": false
}
}
},
{
"type": "org.osbuild.fstab",
"options": {