Skip to content

Commit

Permalink
Fully disable root login for E2E testing instances (#23)
Browse files Browse the repository at this point in the history 
Co-authored-by: Zhiwei Liang <[email protected]>
  • Loading branch information
@lgarber-akamai @zliang-akamai
lgarber-akamai and zliang-akamai authored Dec 14, 2023
1 parent 6835745 commit 6354457
Showing 1 changed file with 7 additions and 0 deletions.
7 changes: 7 additions & 0 deletions hack/harden.yaml.j2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,13 @@ users:
ssh_authorized_keys:
- '{{ ssh_pubkey }}'

write_files:
# Root login over SSH isn't fully disabled by disable_root
- path: /etc/ssh/sshd_config.d/51-disable-root.conf
permissions: "0600"
content: |
PermitRootLogin no

runcmd:
- service ssh restart
- service fail2ban start --enable
Expand Down

0 comments on commit 6354457

Please sign in to comment.