yast / yast-installation

YaST module installation
http://en.opensuse.org/Portal:YaST
GNU General Public License v2.0
16 stars 44 forks source link

Don't always Enable SSHD and Open SSH Port [master] #1092

Closed shundhammer closed 1 year ago

shundhammer commented 1 year ago

Target Branch

This is the merge of #1091 to master / Factory.

Bugzilla

https://bugzilla.suse.com/show_bug.cgi?id=1211764

Trello

https://trello.com/c/ofwfoQfm/

Problem

In the security proposal just before committing the installation, SSHD was always enabled, and the SSH port 22 was always opened by default, no matter if a root password was set or not.

If there is no root password, that makes sense since then it might be a case where only public key authentication was possible after the installation. But if a root password was set, it should not be the default to enable the SSHD service and open the SSH port.

Cause

This uses a class Installation::SecuritySettings which is meant to be used as a singleton. And as the singleton instance was used for the first time, all of its values were initialized, and those values were FINAL.

That included the values for opening the ssh port and the firewall. And as a fallback, if there was no root user yet, or the root password was empty, it assumed that there was only public key authentication, and in that case, it opened the SSH port and enabled SSHD.

The trouble was that all this happened BEFORE the user was even prompted for the root password, so at that point, of course the root password was still empty, so it always fell back to public key authentication.

Fix

This factors out the check if only public key authentication is configured to a new separate method SecuritySettings.propose and calls that method when the security proposal is made in the general proposal dialog ("Installation Settings") during the installation.

Test

Manual test in an inst-sys with the changed files bind-mounted on top. Selected different roles for the initial security settings; for any of the desktop roles (KDE, Gnome, Xfce), the SSH port should remain closed by default and no SSHD should be started, for the server roles they should.

Hacked up security_settings.rb a bit to pretend it's a public key only auth scenario when entering a trivial root password such as "root" and observed that it should also open the SSH port and enable SSHD in that case, but overriding it manually by clicking on those settings in the proposal needs to work (which should then give a warning):

sshd-warning

Related PRs

coveralls commented 1 year ago

Coverage Status

coverage: 40.811% (+0.04%) from 40.768% when pulling 7e83497e271879c1ef5d3ec7dcf5529415a24590 on huha-open-ssh-02-master into 9c5bbfb8af9e0c286ccd2bf626aa5f8aafadbefb on master.

yast-bot commented 1 year ago

:heavy_check_mark: Public Jenkins job #254 successfully finished :heavy_check_mark: Created OBS submit request #1093932