Disable root pasword on image

93663ddf · Cédric Le Ninivin · 0c627968 · 93663ddf · 93663ddf · 93663ddf
Commit 93663ddf authored Oct 17, 2012 by Cédric Le Ninivin
3 changed files
--- a/slapprepare/slapprepare/__init__.py
+++ b/slapprepare/slapprepare/__init__.py
@@ -317,6 +317,10 @@ def slapserver(config):
          print "Removing %r" % path
          if not dry_run:
            os.remove(path)
+    # Disable login by password for root
+    _call(['passwd','-d','root'])
  finally:
    print "SlapOS Image configuration: DONE"
    return 0
@@ -554,6 +558,12 @@ def slapprepare():
    configureNtp()
+    if not config.update :
+      print """WARNING: WE WILL DEACTIVATE CONNECTION TO ROOT BY PASSWORD.
+If you want to enable it call '# passwd root' an set a new password
+We advise you to put your public ssh key in '/root/.ssh/authorized_key'"""
    # Enable and run slapos-boot-dedicated.service
    _call(['systemctl','enable','slapos-boot-dedicated.service'])
    _call(['systemctl','start','slapos-boot-dedicated.service'])

--- a/slapprepare/slapprepare/script/slapos
+++ b/slapprepare/slapprepare/script/slapos
@@ -84,11 +84,6 @@ else
    sed -i "/${SLAPVPN}/ s/^\([^#]\)/#\1/g" $SLAPOS_CONFIGURATION/slapos.cfg
 fi
-# set random root password
-pwgen -sync 512 1 | passwd --stdin root
 SLAP_INSTALL_LOG=/opt/slapos/slapos-install.log
 while :; do

--- a/slapprepare/slapprepare/template/sshd_config.in
+++ b/slapprepare/slapprepare/template/sshd_config.in
-PermitRootLogin yes
+PermitRootLogin without-password
 AllowUsers root
 AddressFamily any