Public bug reported:
Given: the attached autoinstall.yaml file being placed in the root of an
Ubuntu Desktop 24.04.3 LTS bootable USB stick.
When I: boot the laptop from the USB stick and accept the
autoinstall.yaml file as my choices to install Ubuntu.
I get:
- The laptop reboots into an installed OS and I can login as the test user with
password "test", BUT...
- The SSH daemon is accepting root logins *with a password*, not even the
default key-only logins. The configuration directive has been changed from the
default, but to the wrong thing.
- After booting into the installed OS, debconf-get-selection shows the
debconf-selections from the autoinstall.yaml file.
- If I `apt purge openssh-server ; apt install ssh`, the SSH daemon is still
misconfigured.
- If I manually say `echo "openssh-server
openssh-server/permit-root-login boolean false" |
debconf-set-selections` and then purge and reinstall the SSH daemon, I get the
default config.
I expected:
- The SSH daemon to disallow root logins.
Other information:
At first I thought this was a problem with Subiquity, but the problems
persist even with manual intervention to the installed system.
Therefore I think that the problem is with the packaging of OpenSSH
server.
When I used Apt to download the openssh-server 1:9.6p1-3ubuntu13.14
package, which is the latest version available in 24.04.03 LTS, I saw in
the postinst file the following:
75 db_get openssh-server/permit-root-login
76 permit_root_login="$RET"
77 db_get openssh-server/password-authentication
78 password_authentication="$RET"
79
80 trap cleanup EXIT
81 new_config="$(mktemp)"
82 cp -aZ /usr/share/openssh/sshd_config "$new_config"
83 if [ "$permit_root_login" != true ]; then
84 sed -i 's/^#*PermitRootLogin .*/PermitRootLogin yes/' \
85 "$new_config"
86 fi
I think line 84 is meant to say:
sed -i 's/^#*PermitRootLogin .*/PermitRootLogin no/' \
** Affects: openssh (Ubuntu)
Importance: Undecided
Status: New
** Tags: debconf postinst
** Attachment added: "autoinstall.yaml used to install Ubuntu Desktop 24.04.3
LTS"
https://bugs.launchpad.net/bugs/2128863/+attachment/5918585/+files/bugreport.yaml
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2128863
Title:
Setting the debconf "openssh-server/permit-root-login" option to false
ENABLES root logins when it should disable them
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2128863/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
