Both CentOS and Fedora have had this enabled by default up until now, but that's no longer the case as of Fedora 31. Enabling it explicitly makes the first connection work as expected on the newer distributions without impacting the older ones negatively. Signed-off-by: Andrea Bolognani <abologna@xxxxxxxxxx> --- guests/configs/kickstart.cfg | 12 ++++++++++++ guests/configs/preseed.cfg | 12 +++++++++--- 2 files changed, 21 insertions(+), 3 deletions(-) diff --git a/guests/configs/kickstart.cfg b/guests/configs/kickstart.cfg index 571ac46..713557a 100644 --- a/guests/configs/kickstart.cfg +++ b/guests/configs/kickstart.cfg @@ -58,3 +58,15 @@ network --bootproto=dhcp --noipv6 --activate --onboot=yes %packages @core %end + + +# Software configuration +# +# +# We need to be able to login as root via ssh the very first +# time we connect, but as part of the Ansible playbooks we're +# going to change this so that only key-based authentication +# is permitted during regular use +%post --erroronfail +sed -i 's/^#*\s*PermitRootLogin\s*.*$/PermitRootLogin yes/g' /etc/ssh/sshd_config +%end diff --git a/guests/configs/preseed.cfg b/guests/configs/preseed.cfg index 03c47a9..74409d8 100644 --- a/guests/configs/preseed.cfg +++ b/guests/configs/preseed.cfg @@ -76,10 +76,16 @@ d-i netcfg/get_domain string localdomain # Software installation # # Only install the very base packages: everything else will be -# installed later using Ansible. We need to install openssh-server -# and configure it to permit root login now, though, otherwise we -# won't be able to access the machine for Ansible use later on +# installed later using Ansible tasksel tasksel/first multiselect standard d-i pkgsel/upgrade select none d-i pkgsel/include string openssh-server + + +# Software configuration +# +# We need to be able to login as root via ssh the very first +# time we connect, but as part of the Ansible playbooks we're +# going to change this so that only key-based authentication +# is permitted during regular use d-i preseed/late_command string in-target sed -i 's/^#*\s*PermitRootLogin\s*.*$/PermitRootLogin yes/g' /etc/ssh/sshd_config -- 2.21.0 -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
