PasswordAuthentication yes in the upgrade script #21
Conversation
|
Any update on it? In my case I have to add this line every time the app is installed because I have disabled password login in the ssh. |
|
Password login isn't disable by default on YunoHost. I don't think we should add this in the config. But, I don't use that app myself. Any other point of view ? |
|
If there is no issue regarding this to anyone else, I am ok with it. |
|
PasswordAuthentication is disable by default on several yunohost setup, currently it depends of your way to install yunohost. A PR, try to standardize the SSHD config on yunohost, but you can't consider passwordauthentication is disable or authorize. So your proposition to specifically authorize this user seems to be the proper way |
|
Note this PR conflict with YunoHost/yunohost#518 Precisely: here: https://github.com/YunoHost/yunohost/pull/518/files#diff-eae476b86ee57954ecbc550786e69a27R57 With this PR, it will be possible to use a sshd_config.d directory, like that change are manage in a proper way : https://github.com/YunoHost/yunohost/pull/518/files#diff-ca404b72f582b63a6e02136bd1726d6aR53 |
Update about this : this doesn't work :s So not sure what to do exactly about this ... But there are some movement on the whole ssh config (to be standardized by the migration included in 3.4). Haven't checked the whole SFTP thing though :/ Naively I would refrain from doing brutal I added this hook : https://github.com/YunoHost-Apps/mailman_ynh/blob/master/sources/hooks/conf_regen/98-postfix_mailman Which is called The alternative can also be to add an "AllowGroup sftpusers" or something like this .. This is related to Josue's work on group permissions. |
|
Looks like we should have a sshd_config.d, https://github.com/YunoHost/yunohost/pull/518/files#diff-843b7c9e9160b9d943fc5cb50163d9c9R49 now. |
N.B. : There is no ssh_config.d, and in fact no mechanism in sshd to create such a thing. I dunno how ljf came up with this thing but my understanding is that it simply does not exist... For an alternative clean solution, c.f. my previous comment though it's a bit technical to create and manipulate those hooks, but at least it won't break the regenconf like manually editing the file does :s |
|
Should I understand that the migration do create the .d directory, but sshd doesn't use it ? |
|
Hmmm nope I don't think the migration creates any .d ... There is just simply no possibility to include files in a sshd_config file ... This is apparently possible for client configuration but not server (sshd) configuration |
|
c.f. those for instance : |
|
Ok. But this line says "Create sshd_config.d dir". Anyway, I trust you, I was just saying that because of the comment and the |
|
Meh, yes indeed ... Didn't saw that line, should also have removed it in this commit : YunoHost/yunohost@25efab7 I'll do it naow |
|
By the way, that's really too bad that sshd doesn't use a .d |
|
Not relevant anymore, was done in the app at some point, now managed by the core |
If authentication through is disabled in ssh, sftp fails. Adding PasswordAuthentication yes for the webapp user makes it work only for the weapp.
Problem
Solution
PR Status
Work finished. Package_check, basic tests and upgrade from last version OK.
Could be reviewed and tested.
Validation
Minor decision
When the PR is mark as ready to merge, you have to wait for 3 days before really merge it.