From e7b9970ecaf001ff89e80fc0ed9ba9634bd30279 Mon Sep 17 00:00:00 2001 From: Tesshu Flower Date: Tue, 3 Dec 2024 13:46:26 -0500 Subject: [PATCH 1/2] UsePam no for sshd_config e2e running on ubuntu 24.04 (not sure of exact cause) is having issues with sshd allowing root access which is required for rsync ssh. Seems to be related to PAM. Signed-off-by: Tesshu Flower --- Dockerfile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Dockerfile b/Dockerfile index d013caf84..7b99a2afa 100644 --- a/Dockerfile +++ b/Dockerfile @@ -162,6 +162,8 @@ RUN ln -s /keys/destination /etc/ssh/ssh_host_rsa_key && \ sed -ir 's|^[#\s]*\(.*/etc/ssh/ssh_host_ecdsa_key\)$|#\1|' "$SSHD_CONFIG" && \ sed -ir 's|^[#\s]*\(.*/etc/ssh/ssh_host_ed25519_key\)$|#\1|' "$SSHD_CONFIG" && \ sed -ir 's|^[#\s]*\(PasswordAuthentication\)\s.*$|\1 no|' "$SSHD_CONFIG" && \ + sed -ir 's|^[#\s]*\(KbdInteractiveAuthentication\)\s.*$|\1 no|' "$SSHD_CONFIG" && \ + sed -ir 's|^[#\s]*\(UsePAM\)\s.*$|\1 no|' "$SSHD_CONFIG" && \ sed -ir 's|^[#\s]*\(GSSAPIAuthentication\)\s.*$|\1 no|' "$SSHD_CONFIG" && \ sed -ir 's|^[#\s]*\(AllowTcpForwarding\)\s.*$|\1 no|' "$SSHD_CONFIG" && \ sed -ir 's|^[#\s]*\(X11Forwarding\)\s.*$|\1 no|' "$SSHD_CONFIG" && \ From d2cfea1d5530c71028963a936b54b819347589eb Mon Sep 17 00:00:00 2001 From: Tesshu Flower Date: Thu, 5 Dec 2024 17:32:10 -0500 Subject: [PATCH 2/2] UsePam no in /etc/ssh/sshd_config.d/50-redhat.conf Signed-off-by: Tesshu Flower --- Dockerfile | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 7b99a2afa..d4fd52742 100644 --- a/Dockerfile +++ b/Dockerfile @@ -23,7 +23,7 @@ COPY go.sum go.sum RUN go mod download # Copy the go source -COPY *.go . +COPY *.go ./ COPY api/ api/ COPY controllers/ controllers/ COPY config/openshift config/openshift 
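Review bot: Nothing in the first patch's `@@ -162,6 +162,8 @@` hunk confirms that the two new settings take effect. Each added `sed` only rewrites a line that already exists in `$SSHD_CONFIG`, so if `UsePAM` or `KbdInteractiveAuthentication` is absent there, or another config file sets it, the build still succeeds with the old value. I would end the chain with an assertion such as `grep -qx 'UsePAM no' "$SSHD_CONFIG"` (and likewise for `KbdInteractiveAuthentication no`), so that a base-image change fails the build instead of silently leaving PAM on. `UsePAM no` also turns off PAM account and session processing, so a comment above these lines, for example `# PAM disabled: root key-only login for rsync over ssh was rejected with PAM on (e2e, cause unconfirmed)`, would record the trade-off. The RUN instruction begins and continues outside the hunk.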
@@ -163,12 +163,16 @@ RUN ln -s /keys/destination /etc/ssh/ssh_host_rsa_key && \ sed -ir 's|^[#\s]*\(.*/etc/ssh/ssh_host_ed25519_key\)$|#\1|' "$SSHD_CONFIG" && \ sed -ir 's|^[#\s]*\(PasswordAuthentication\)\s.*$|\1 no|' "$SSHD_CONFIG" && \ sed -ir 's|^[#\s]*\(KbdInteractiveAuthentication\)\s.*$|\1 no|' "$SSHD_CONFIG" && \ - sed -ir 's|^[#\s]*\(UsePAM\)\s.*$|\1 no|' "$SSHD_CONFIG" && \ - sed -ir 's|^[#\s]*\(GSSAPIAuthentication\)\s.*$|\1 no|' "$SSHD_CONFIG" && \ sed -ir 's|^[#\s]*\(AllowTcpForwarding\)\s.*$|\1 no|' "$SSHD_CONFIG" && \ sed -ir 's|^[#\s]*\(X11Forwarding\)\s.*$|\1 no|' "$SSHD_CONFIG" && \ sed -ir 's|^[#\s]*\(PermitTunnel\)\s.*$|\1 no|' "$SSHD_CONFIG" && \ - sed -ir 's|^[#\s]*\(PidFile\)\s.*$|\1 /tmp/sshd.pid|' "$SSHD_CONFIG" + sed -ir 's|^[#\s]*\(PidFile\)\s.*$|\1 /tmp/sshd.pid|' "$SSHD_CONFIG" && \ + sed -ir 's|^[#\s]*\(UsePAM\)\s.*$|\1 no|' "$SSHD_CONFIG" && \ + sed -ir 's|^[#\s]*\(GSSAPIAuthentication\)\s.*$|\1 no|' "$SSHD_CONFIG" && \ + \ + INCLUDED_SSH_CONFIG_DIR="/etc/ssh/sshd_config.d" && \ + sed -ir 's|^[#\s]*\(UsePAM\)\s.*$|\1 no|' "$INCLUDED_SSH_CONFIG_DIR"/* && \ + sed -ir 's|^[#\s]*\(GSSAPIAuthentication\)\s.*$|\1 no|' "$INCLUDED_SSH_CONFIG_DIR"/* ##### rsync-tls COPY /mover-rsync-tls/client.sh \
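Review bot: The two new `sed -ir … "$INCLUDED_SSH_CONFIG_DIR"/*` lines will, with GNU sed, leave backup copies inside `/etc/ssh/sshd_config.d`, because `-ir` is parsed as `-i` with backup suffix `r` rather than as `-i -r`. Each drop-in is copied to `<name>r` with its original `UsePAM`/`GSSAPIAuthentication` values, and the second `sed` then globs those copies too; whether sshd would ever read them depends on the `Include` pattern, which is not visible here. The expressions are already basic regex, so plain `sed -i 's|^[#\s]*\(UsePAM\)\s.*$|\1 no|' "$INCLUDED_SSH_CONFIG_DIR"/*` makes the same edit without the copies. The unguarded glob also fails the build when the directory is missing or empty, so it is worth a comment saying whether that is intended. The RUN instruction begins outside the hunk.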