
Disable password based authentication for SSH

Open stefandevo opened this issue 4 years ago • 4 comments

Any specific reason why

https://github.com/alexzimmer96/rancher-hcloud/blob/master/module-cluster-init/scripts/rancher_management_init.sh#L6

  # Disable password based authentication for SSH
  # sed -i 's/[#]*PermitRootLogin yes/PermitRootLogin prohibit-password/g' /etc/ssh/sshd_config
  # sed -i 's/[#]*PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config
  # systemctl restart sshd

this is in comment? Think it's better to really disable the password authentication?

stefandevo, Jan 29 '21 17:01

I can't remember why it's commented out. I'll have a look at this later.

alexzimmer96, Jan 30 '21 08:01

I tried to create a cluster by enabling this, but then the process fails.

I think this is because the part

  # This is necessary to wait for all installation tasks to finish
  provisioner "remote-exec" {
    inline = ["cloud-init status --wait > /dev/null"]
    connection {
      type        = "ssh"
      user        = "root"
      private_key = file(var.hcloud_ssh_key_path)
      host        = self.ipv4_address
    }
  }

in the resources_hetzner.tf file -> using root to log on here?

When I placed it in remark again, the creating succeeded again.

stefandevo, Jan 30 '21 12:01

Actually this part is needed for Terraform to wait until cloud-init has finished. Otherwise, installing Rancher might fail because there's no docker installed.

I think I will need to have a closer look at that.

alexzimmer96, Feb 01 '21 09:02

Ok; it's true that the process is not working when enabled...

stefandevo, Feb 01 '21 09:02
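
Added example, not part of the thread or the project's script: the two sed lines quoted in the issue only rewrite lines that read exactly `PermitRootLogin yes` or `PasswordAuthentication yes`, while sshd keeps the first value it reads for a keyword and ignores keyword case. The helper names (`effective_value`, `set_sshd_option`, `harden_sshd`) are hypothetical, the sample config is constructed, and the check reads one file without following `Include`, so `sshd -T` stays the authoritative check on a host.

```shell
#!/usr/bin/env bash
# Added example, not code from the rancher-hcloud repository. sshd keeps the
# first value it reads for a keyword and matches keywords case-insensitively,
# so rewriting only "<Key> yes" lines can miss the line that is in effect.

# effective_value FILE KEY: first live setting of KEY in the global section.
effective_value() {
  awk -v key="$2" '
    { line = $0; sub(/^[ \t]+/, "", line) }
    tolower(line) ~ /^match[ \t]/ { exit }   # global section ends here
    line == "" || line ~ /^#/ { next }
    { split(line, f, /[ \t=]+/) }
    tolower(f[1]) == tolower(key) { print f[2]; exit }
  ' "$1"
}

# set_sshd_option FILE KEY VALUE: drop every live KEY line (Match blocks
# included) and put "KEY VALUE" first, so it is the value sshd reads.
set_sshd_option() {
  local file="$1" key="$2" value="$3" tmp rc
  tmp=$(mktemp) || return 1
  {
    printf '%s %s\n' "$key" "$value"
    awk -v key="$key" '
      { line = $0; sub(/^[ \t]+/, "", line); split(line, f, /[ \t=]+/) }
      tolower(f[1]) == tolower(key) { next }
      { print }
    ' "$file"
  } > "$tmp" && cat "$tmp" > "$file"   # cat keeps the file owner and mode
  rc=$?; rm -f "$tmp"; return "$rc"
}

# The two settings from the issue; prohibit-password still lets root log in
# with a key. On a real host: harden_sshd && sshd -t && systemctl restart sshd
harden_sshd() {
  local file="${1:-/etc/ssh/sshd_config}"
  set_sshd_option "$file" PermitRootLogin prohibit-password &&
    set_sshd_option "$file" PasswordAuthentication no
}

demo() {   # constructed sample config, not from a real host
  local f; f=$(mktemp) || return 1
  printf '%s\n' 'passwordauthentication yes' 'PermitRootLogin yes' \
    'Match User backup' '  PasswordAuthentication yes' > "$f"
  harden_sshd "$f" && cat "$f"
  rm -f "$f"
}
if [ "${1:-}" = "--demo" ]; then demo; fi
```

Run with `--demo` to print the rewritten sample; without arguments the script only defines the functions.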