check_sshpermitrootno is broken #129
Labels
No Label
bug
bullseye
discussion
duplicate
enhancement
help wanted
invalid
question
suggestion
wontfix
No Milestone
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: evolix/evocheck#129
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
The default value of
PermitRootLogin
isprohibit-password
and check_sshpermitrootno search in the config file for line settingPermitRootLogin
to something other thanno
. So when this options isn't expclicitly set in the config file,PermitRootLogin
isn't set tono
but the chekc doens't fail although it should have.This issue was revealed in ticket 55058.
Note that fixing and deploying it may lead to a lot of failed checks if they have previosly been fixed as first done in that ticket.
Even worse, we don't check the effective configuration. In the followig example evocheck approve the configuration, looking naively at the configuration file one could think
PermitRootLogin
is disabled since it's applied last, however looking at the effective configuration dumped by SSH we that's not the case!