Add build-time option to disable root SSH access #32
Description
Description
Add a configuration variable in local.conf that can disable SSH root login for security purposes. This should be a build-time option that allows users to create more secure production images.
Requirements
- Add an environment variable (e.g.,
EDGEOS_DISABLE_ROOT_SSH) in local.conf - When enabled, prevent
ssh root@edgeos-device.localaccess - Should still allow non-root user SSH access if configured
- Must be configurable at build time, not runtime
Suggested Implementation
-
Add to local.conf.sample:
# Disable root SSH access (0 = allow, 1 = disable) # EDGEOS_DISABLE_ROOT_SSH = "1"
-
Create OpenSSH bbappend:
# meta-edgeos/recipes-connectivity/openssh/openssh_%.bbappend do_install:append() { if [ "${EDGEOS_DISABLE_ROOT_SSH}" = "1" ]; then sed -i 's/^#*PermitRootLogin.*/PermitRootLogin no/' ${D}${sysconfdir}/ssh/sshd_config fi }
-
Alternative: Manage via edgeos-user recipe
- Configure SSH settings based on the variable
- Potentially create alternative admin user when root is disabled
Security Considerations
- Document that disabling root SSH requires alternative access method
- Consider requiring creation of admin user when root SSH is disabled
- Ensure serial console access remains available for recovery
Acceptance Criteria
- EDGEOS_DISABLE_ROOT_SSH variable documented in local.conf.sample
- When set to "1", root SSH login is disabled
- When set to "0" or unset, root SSH login is allowed (current behavior)
- SSH daemon configuration properly updated during build
- Documentation updated with security recommendations