Add ssh password authentication config explanation#987
Add ssh password authentication config explanation#987martindekov wants to merge 2 commits intoharvester:mainfrom
Conversation
github-actions
bot
requested review from
akashraj4261,
dariavladykina and
jillian-maroket
There was a problem hiding this comment.
Pull request overview
Updates the Harvester configuration documentation to reflect the newer installer capability (v1.8+) to control SSH password authentication behavior in addition to SFTP enablement.
Changes:
- Updates the
os.sshddocumentation wording to mention SSH password authentication control. - Adds
disable_password_authto the YAML example foros.sshd.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
You can also share your feedback on Copilot code review. Take the survey.
Adding reference and explanation for the new feature of the installer which enables you to enable or disable ssh authentication through password for 1.8+ Signed-off-by: Martin Dekov <martin.dekov@suse.com>
|
martindekov
force-pushed
the
sshpass8548
branch
from
e3575ad to
79922b7
Compare
Co-authored-by: Ivan Sim <1330522+ihcsim@users.noreply.github.com> Signed-off-by: Martin Dekov <martin.dekov@suse.com>
| os: | ||
| sshd: | ||
| sftp: true # The SFTP subsystem is enabled. | ||
| disable_password_auth: true # SSH password authentication is disabled. |
There was a problem hiding this comment.
please also mention this takes effects only when a ssh key is existing
and update https://docs.harvesterhci.io/v1.8/install/index step 14
BTW, if user uses a configure file (e.g. pxe mode), where key is not set but password_auth is disabled, what happens? thanks.
There was a problem hiding this comment.
Maybe user wants it that way for some nodes. In a true immutable infra environment, no one should have any access to the hosts. I think if we are concerned that user ends up locking themselves out, we should make the SSH key setting a required configuration.
Also, I thought I mentioned somewhere (guess not?), please update the screenshot in step 14 of https://docs.harvesterhci.io/v1.8/install/index - thanks.
There was a problem hiding this comment.
On ISO mode, diasable_password_auth can't be set (and defaults to false) if no key is input.
I am not clear about the configuration_file used when ISO/PXE, if it follows similar logic. need to double check.
There was a problem hiding this comment.
Yeah, I sorta wondered why we needed that for ISO mode when I first reviewed it, but thought it was also ok.
If user truly locked themselves out, they should have some out-of-band remote access to their server over serial port.
Adding reference and explanation for the new feature of the installer which enables you to enable or
disable ssh authentication through password for 1.8+
Problem:
Misleading reference for sshd after latest feature being added
Solution:
Add all relevant fields for 1.8+ version
Related Issue(s):
harvester/harvester#8548
Test plan:
https://69b137c84d43a8bc6a162643--harvester-preview.netlify.app/v1.8/install/harvester-configuration/#ossshd
Additional documentation or context