For us to have a dev-environment that is as close to production as possible, we change as little as possible in our puppet-manifests. One thing that puppet ensures is that root is denied from logging in via ssh. This is especially important to leave as-is if spinning up machines with various cloud providers where network etc. is shared between all nodes in the datacenter (Rackspace, AWS, DigitalOcean, etc.). Anyway, these are roughly the steps being performed now:
spin up node1, this gets a correct hosts-file with aliases etc
puppet runs for node1, hardens ssh a bit
spin up node2, this gets its own entries in the hosts-file, plus entries for node1. On node1 auth.log reveals root was denied login
puppet runs for node2, hardens ssh a bit
spin up node3, this gets its own entries in the hosts-file, plus entries for node1 and node2. On node1 and node2 auth.log reveals root was denied login
Example of auth.log-entries:
Aug 10 04:15:35 <NODE> sshd[21121]: ROOT LOGIN REFUSED FROM <IP>
Aug 10 04:15:35 <NODE> sshd[21121]: ROOT LOGIN REFUSED FROM <IP> [preauth]
Aug 10 04:15:35 <NODE> sshd[21121]: Connection closed by <IP> [preauth]
I do not have a very good proposition for a fix of this yet, but perhaps you can think of something? When using vagrant ssh <NODE> I usually use -p so normal auth-mechanisms are used. Perhaps some usage of this could help alleviate the situation.
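Added example, not part of the original report or of any project's code: one way to separate the refusals caused by the nodes themselves (sources listed in the hosts-file) from refusals coming from unknown addresses, counting each connection once even though the sample above logs it twice. The hosts-file content, node names and IP addresses are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Line format taken from the auth.log sample quoted in the report.
REFUSED = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s(?P<host>\S+)\ssshd\[(?P<pid>\d+)\]:\s"
    r"ROOT LOGIN REFUSED FROM (?P<ip>\S+)")

# Constructed sample data (documentation address ranges), not from the report.
SAMPLE_HOSTS = """\
127.0.0.1 localhost
192.0.2.11 node1 node1.example.test
192.0.2.12 node2 node2.example.test
192.0.2.13 node3  # added when node3 was spun up
"""
SAMPLE_LOG = """\
Aug 10 04:15:35 node1 sshd[21121]: ROOT LOGIN REFUSED FROM 192.0.2.12
Aug 10 04:15:35 node1 sshd[21121]: ROOT LOGIN REFUSED FROM 192.0.2.12 [preauth]
Aug 10 04:15:35 node1 sshd[21121]: Connection closed by 192.0.2.12 [preauth]
Aug 10 04:21:02 node1 sshd[21307]: ROOT LOGIN REFUSED FROM 192.0.2.13
Aug 10 04:21:02 node1 sshd[21307]: ROOT LOGIN REFUSED FROM 192.0.2.13 [preauth]
Aug 10 05:02:47 node1 sshd[21544]: ROOT LOGIN REFUSED FROM 198.51.100.7
Aug 10 05:02:47 node1 sshd[21544]: ROOT LOGIN REFUSED FROM 198.51.100.7 [preauth]
"""

def parse_hosts(text):
    """Map IP -> first name in hosts-file text, ignoring comments."""
    nodes = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            nodes[fields[0]] = fields[1]
    return nodes

def refused_root_logins(log_text, nodes):
    """Count refusals per (target, source), once per sshd connection."""
    seen, internal, external = set(), Counter(), Counter()
    for line in log_text.splitlines():
        m = REFUSED.match(line)
        # The refusal is logged twice per pid (plain and "[preauth]"), so
        # de-duplicate on (host, pid, ip); pid reuse in long logs is ignored.
        if not m or (m["host"], m["pid"], m["ip"]) in seen:
            continue
        seen.add((m["host"], m["pid"], m["ip"]))
        if m["ip"] in nodes:   # source is another node in the hosts-file
            internal[(m["host"], nodes[m["ip"]])] += 1
        else:                  # source is not a known node: worth a look
            external[(m["host"], m["ip"])] += 1
    return internal, external
```

Run against each node's real auth.log and hosts-file, the `internal` counter shows which node pairs produce the provisioning noise, while `external` keeps refusals from other addresses visible.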