Both CentOS and Fedora have had this enabled by default up until
now, but that's no longer the case as of Fedora 31. Enabling it
explicitly makes the first connection work as expected on the
newer distributions without impacting the older ones negatively.
Signed-off-by: Andrea Bolognani <abologna(a)redhat.com>
---
guests/configs/kickstart.cfg | 12 ++++++++++++
guests/configs/preseed.cfg | 12 +++++++++---
2 files changed, 21 insertions(+), 3 deletions(-)
diff --git a/guests/configs/kickstart.cfg b/guests/configs/kickstart.cfg
index 571ac46..713557a 100644
--- a/guests/configs/kickstart.cfg
+++ b/guests/configs/kickstart.cfg
@@ -58,3 +58,15 @@ network --bootproto=dhcp --noipv6 --activate --onboot=yes
%packages
@core
%end
+
+
+# Software configuration
+#
+#
+# We need to be able to login as root via ssh the very first
+# time we connect, but as part of the Ansible playbooks we're
+# going to change this so that only key-based authentication
+# is permitted during regular use
+%post --erroronfail
+sed -i 's/^#*\s*PermitRootLogin\s*.*$/PermitRootLogin yes/g'
/etc/ssh/sshd_config
+%end
diff --git a/guests/configs/preseed.cfg b/guests/configs/preseed.cfg
index 03c47a9..74409d8 100644
--- a/guests/configs/preseed.cfg
+++ b/guests/configs/preseed.cfg
@@ -76,10 +76,16 @@ d-i netcfg/get_domain string localdomain
# Software installation
#
# Only install the very base packages: everything else will be
-# installed later using Ansible. We need to install openssh-server
-# and configure it to permit root login now, though, otherwise we
-# won't be able to access the machine for Ansible use later on
+# installed later using Ansible
tasksel tasksel/first multiselect standard
d-i pkgsel/upgrade select none
d-i pkgsel/include string openssh-server
+
+
+# Software configuration
+#
+# We need to be able to login as root via ssh the very first
+# time we connect, but as part of the Ansible playbooks we're
+# going to change this so that only key-based authentication
+# is permitted during regular use
d-i preseed/late_command string in-target sed -i
's/^#*\s*PermitRootLogin\s*.*$/PermitRootLogin yes/g' /etc/ssh/sshd_config
--
2.21.0