From da7bec8d252543dd66d40d2ff7638e33113459bf Mon Sep 17 00:00:00 2001 From: Benjamin Sherman Date: Sat, 13 Sep 2025 19:28:41 -0500 Subject: [PATCH] feat: more secure Cockpit login (#286) --- ucore/post-install-ucore-minimal.sh | 3 --- .../etc/ssh/sshd_config.d/90-enable-localhost-passwords.conf | 4 ++++ 2 files changed, 4 insertions(+), 3 deletions(-) create mode 100644 ucore/system_files/etc/ssh/sshd_config.d/90-enable-localhost-passwords.conf diff --git a/ucore/post-install-ucore-minimal.sh b/ucore/post-install-ucore-minimal.sh index 3f783a1..f60d6d6 100755 --- a/ucore/post-install-ucore-minimal.sh +++ b/ucore/post-install-ucore-minimal.sh @@ -27,9 +27,6 @@ systemctl enable rpm-ostreed-automatic.timer sed -i 's/#AutomaticUpdatePolicy.*/AutomaticUpdatePolicy=stage/' /etc/rpm-ostreed.conf -# workaround to enable cockpit web logins -rm /etc/ssh/sshd_config.d/40-disable-passwords.conf - # workaround until distrobox patch for this makes it into repos ln -s ../usr/share/zoneinfo/UTC /etc/localtime diff --git a/ucore/system_files/etc/ssh/sshd_config.d/90-enable-localhost-passwords.conf b/ucore/system_files/etc/ssh/sshd_config.d/90-enable-localhost-passwords.conf new file mode 100644 index 0000000..45b48c1 --- /dev/null +++ b/ucore/system_files/etc/ssh/sshd_config.d/90-enable-localhost-passwords.conf @@ -0,0 +1,4 @@ +# uCore modification +# enables Cockpit web login without exposing password auth to network +Match Address 127.0.0.1,::1 + PasswordAuthentication yes \ No newline at end of file