sshd: PermitRootLogin no ?

[Aleksandr Smirnov]

Hi,

I am pretty new to Proxmox, and maybe this question already explained, but I can't find anything about it in documentation as well via forum search.

So, the question is - is it really mandatory requirement to use root user for ssh communication between nodes in the proxmox cluster?
As I see - yes, new nodes can't be added to the cluster, until we switched from default

PermitRootLogin no

to

PermitRootLogin yes

in the /etc/ssh/sshd_config.

Or we could do it only at the initial stage, and then disable ssh access for the root user?

Thanks in advance for explanations!

 

[mir]

Or we could do it only at the initial stage, and then disable ssh access for the root user?

This is not an option since almost all proxmox operations requires root privileges. You can, however, disable login using password to the proxmox nodes since proxmox's access is certificate based.

 

[Aleksandr Smirnov]

Ok, thanks for the explanation.
I just want to mention, that as we are using puppet for configuration management we also had to set

managehome     => false,

for the root user, to avoid this situation, when puppet rewrites link to pve folder with file:

Feb  8 13:43:18 proxmox-node1 puppet-agent[4351]: (/Stage[main]/Profile::Base/Accounts::User[root]/Accounts::Home_dir[/root]/File[/root/.ssh/authorized_keys]/ensure) ensure changed 'link' to 'file'

Hope this will help somebody after us