Disallow root password login (#54)

viniciusferrao · Apr 12, 2024 · 68d132c · 68d132c
1 parent bf04d29
commit 68d132c
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 0 deletions.
diff --git a/include/cloysterhpc/services/shell.h b/include/cloysterhpc/services/shell.h
@@ -29,6 +29,7 @@ class Shell : public Execution {
 
     void runSystemUpdate();
     void installRequiredPackages();
+    void disallowSSHRootPasswordLogin();
 
     void installOpenHPCBase();
     void configureTimeService(const std::list<Connection>&);

diff --git a/src/services/shell.cpp b/src/services/shell.cpp
@@ -225,6 +225,14 @@ void Shell::installRequiredPackages()
     runCommand("dnf -y install wget dnf-plugins-core");
 }
 
+void Shell::disallowSSHRootPasswordLogin()
+{
+    LOG_INFO("Allowing root login only through public key authentication (SSH)")
+
+    runCommand("sed -i s/PermitRootLogin\\ yes/PermitRootLogin\\ "
+               "without-password/g /etc/ssh/sshd_config");
+}
+
 void Shell::installOpenHPCBase()
 {
     LOG_INFO("Installing base OpenHPC packages");
@@ -348,6 +356,7 @@ void Shell::install()
     configureSELinuxMode();
     configureFirewall();
     configureFQDN();
+    disallowSSHRootPasswordLogin();
 
     configureHostsFile();
     configureTimezone();