From: Thierry Parmentelat <thierry.parmentelat@sophia.inria.fr>
Date: Fri, 15 Jun 2012 13:55:02 +0000 (+0300)
Subject: fix sshd settings
X-Git-Tag: sliceimage-5.1-2~3
X-Git-Url: http://git.onelab.eu/?p=sliceimage.git;a=commitdiff_plain;h=fe8b5b907b6a1dc828f9b8cdfff6b806dadd238e

fix sshd settings
---

diff --git a/initscripts/lxc-sliceimage b/initscripts/lxc-sliceimage
index b1c6337..07ff98a 100755
--- a/initscripts/lxc-sliceimage
+++ b/initscripts/lxc-sliceimage
@@ -89,8 +89,9 @@ ONBOOT=yes
 EOF
     # Tweak sshd configuration
     chroot $rootfs sed -i 's/^UsePAM\ *yes/\#&/' /etc/ssh/sshd_config
-    chroot $rootfs sed -i 's/^GSSAPIAuthentication\ *yes/\#&/' /etc/ssh/sshd_config
-    chroot $rootfs sed -i 's/^PasswordAuthentication\ *yes/\#&/' /etc/ssh/sshd_config
+    # commenting out the defaults in the file is not enough, need to explicitly set these to no
+    chroot $rootfs sed -i 's/^GSSAPIAuthentication.*$/GSSAPIAuthentication no/' /etc/ssh/sshd_config
+    chroot $rootfs sed -i 's/^PasswordAuthentication.*$/PasswordAuthentication no/' /etc/ssh/sshd_config
     # Allow root to login at virsh console
     echo "pts/0" >> $rootfs/etc/securetty
     # our image does not have NetworkManager, only network, and it is off by default