If default_user="root" and "ssh_pwauth=true" then sshd PermitRootLogin should be "yes", not "without-password"
Bug #2002868 reported by
Nux-m
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
cloud-init |
Expired
|
Wishlist
|
Unassigned |
Bug Description
As per the $summary, if default_user is set to "root" and "ssh_pwauth=true", then sshd_config should be enforced with "PermitRootLogin yes" instead of leaving the defaults which nowadays in many distros is "without-password".
Thanks
To post a comment you must log in.
Due to the security risk, we shouldn't automatically permit root login unless the user has explicitly asked for it. There are still use cases where you would set ssh_pwauth true while not wanting root login (i.e., creating new users later).
However, it doesn't look like there's any configuration at all to allow this currently and it makes sense for cloud-init to have that. I think the ability to "PermitRootLogin" and/or modify the sshd config more generally would be a good feature addition.