From: Thomas Lamprecht Date: Mon, 20 Nov 2017 07:42:46 +0000 (+0100) Subject: fix #1566: do not setup ssh config in updatecerts call X-Git-Url: https://git.proxmox.com/?a=commitdiff_plain;h=9a76d380f2aa22bf968c7b7e9aeae79e77191b10;p=pve-cluster.git fix #1566: do not setup ssh config in updatecerts call pvecm updatecerts gets called on each pve-cluster.service start, thus at least on each node boot and on each pve-cluster update. updatecerts contained a call to setup_sshd_config, which ensured that the sshd_config parameter 'PermitRootLogin' gets set to yes, with the intend that this is needed for a working cluster. But, also the now more common and secure options 'prohibit-password' and 'without-password' are OK for a cluster to work properly. This change was added by 6c0e95b3, without clear indication why, our installer enforces this setting already, as does a cluster create and a join to a cluster. To allow an user to use the more secure setting remove the call from updatecerts again, thus he only needs to changes this after cluster create/add operations, on one node only. Signed-off-by: Thomas Lamprecht --- diff --git a/data/PVE/CLI/pvecm.pm b/data/PVE/CLI/pvecm.pm index 9707114..a355ba5 100755 --- a/data/PVE/CLI/pvecm.pm +++ b/data/PVE/CLI/pvecm.pm @@ -768,7 +768,6 @@ __PACKAGE__->register_method ({ code => sub { my ($param) = @_; - PVE::Cluster::setup_sshd_config(0); PVE::Cluster::setup_rootsshconfig(); PVE::Cluster::gen_pve_vzdump_symlink();