Comments (4)
Would need to test that this does not impact the Packer build as it uses SSH user/pass for executing the machine image build.
Please use the issue template and provide additional detail for scenario and any results of testing with allow-pw: false
.
Ryan
from packer-examples-for-vsphere.
Based on my testing, changing the user-data
file to specify allow-pw:false
instead of allow-pw:true
will result in a build failure that will disconnect Packer during the build process as it will not longer be able to connect with the build_username
/ build_password.
A more appropriate solution would be to modify /scripts/linux/ubuntu-server-cleanup.sh
to modify the sshd_config
via sed.
This section:
### Configure SSH for Public Key Authentication. ###
echo '> Configuring SSH for Public Key Authentication ...'
sudo sed -i '/^PermitRootLogin/s/yes/no/' /etc/ssh/sshd_config
sudo sed -i "s/.*PubkeyAuthentication.*/PubkeyAuthentication yes/g" /etc/ssh/sshd_config
This would need to have the following additional setting changes at a minimum:
PasswordAuthentication no
This could be done by adding changing the scripts /scripts/linux/*-cleanup.sh
...
### Configure SSH for Public Key Authentication. ###
echo '> Configuring SSH for Public Key Authentication ...'
sudo sed -i '/^PermitRootLogin/s/yes/no/' /etc/ssh/sshd_config
sudo sed -i 's/#PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config
sudo sed -i 's/.*PubkeyAuthentication.*/PubkeyAuthentication yes/' /etc/ssh/sshd_config
We'll mark this for testing.
Ryan
from packer-examples-for-vsphere.
By default, both Public Key Authentication and Password Authentication are enabled for Linux distributons. If you wish to disable Password Authentication and only use Public Key Authentication, comment or remove the portion of the associated script in the /scripts
directory. Comments are added to the scripts to call out what to uncomment, if desired.
Example: /scripts/linux/ubuntu-server-cleanup.sh
### Configure SSH for Public Key Authentication. ###
echo '> Configuring SSH for Public Key Authentication ...'
### Comment or r4move the line below to to disable Public Key Authentication allow _only_ Password Authentication. ###
sudo sed -i 's/.*PubkeyAuthentication.*/PubkeyAuthentication yes/' /etc/ssh/sshd_config
### Uncomment the line below to to disable Password Authentication and enforce _only_ Public Key Authentication. ###
### sudo sed -i 's/#PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config
Ryan
from packer-examples-for-vsphere.
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
from packer-examples-for-vsphere.
Related Issues (20)
- Simple solve for AlmaLinux 8 - Failed to validate GPG signature HOT 4
- Photon Build Failures HOT 8
- Server 2016 Needs HOT 3
- can't mount centos 7 iso HOT 3
- Not able to create Rhel-8 Image its getting timed out after IP allocation HOT 2
- PowerShell provisioner error on Windows 10 and 11 HOT 1
- Add Fedora Server Linux distribution HOT 7
- Add Amazon Linux distribution HOT 3
- Add Ubuntu Server 24.04 LTS HOT 1
- can't find product key from Unattended file HOT 1
- Windows 11 and 10 Evaluation builds fail to start HOT 3
- Ansible gather problem with Fedora 40 HOT 6
- Windows Server 2022 Failed to read ProducKey from unattend file HOT 2
- Windows Server 2025 wrong variables HOT 4
- WinRMOperationTimeoutError
- Correct a typo in builds/linux/ubuntu/24-04-lts/data/user-data.pkrtpl.hc HOT 1
- Add variable validation for build user case and length HOT 6
- WinRM Operation Timeout HOT 2
- Debian 12 instalation halts with the message that no network mirror was selected, and then fails if manually advanced. HOT 5
- Syntax error in one of the Linux ansible playbook HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from packer-examples-for-vsphere.