On Tue, 2012-05-29 at 14:36 +0200, Radek Vykydal wrote: > In this take: > > 1) sshd is started always, regardless of sshd boot option, > (as in s390x) with empty root password. I don't like this much. I think we should probably have a separate "anaconda-sshd.service" which includes: [Unit] After=anaconda.target ConditionKernelCommandLine=|sshd ConditionPathExists=|/run/install/.startsshd [Service] EnvironmentFile=/etc/sysconfig/sshd ExecStartPre=/usr/sbin/sshd-keygen ExecStart=/usr/sbin/sshd -D $OPTIONS -f /etc/ssh/sshd_config.anaconda ExecReload=/bin/kill -HUP $MAINPID So we'll start our sshd if: a) 'sshd' is on the commandline, or b) /run/install/.startsshd exists. > 2) sshpw kickstart command works, so root/users passwords can be set, > but this happens in anaconda so between sshd and anaconda is run > there is root ssh access without password. > Is this ok for alpha2? > To achieve original behaviour we'll need to parse sshd option in dracut and > change sshd (and/or perhaps anaconda/sshd systemd) configuration files in dracut. > Setting passwords (at least for root) already in dracut may be needed. > I'd need to consult this with Will, or leave it to him. We could move 'sshpw' handling into dracut, for now. Then dracut could create /run/install/.startsshd, and off we'd go. In the future I'd like to move all of the stuff in anaconda that happens before we start the UI into a separate binary/service, so we can run that and *then* start all the various stuff that we configure via kickstart/kernel args/etc. -w _______________________________________________ Anaconda-devel-list mailing list Anaconda-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/anaconda-devel-list
