Unexpected SSH Behavior on SUSE SLES SP6 Azure VM. How to report a Bug?

Saikat P 20 Reputation points
2024-08-20T09:13:55.8+00:00

I'm facing an issue with SSH authentication on a SUSE SLES SP6 virtual machine running on the Azure platform.

I've set up the VM to use an ED25519 public key for SSH authentication. However, I've discovered that I can still log in to the VM using a password for a local user. This behavior is unexpected and poses a significant security risk.

Steps to Reproduce:

1. Create a new SUSE SLES SP6 virtual machine on Azure configured with SSH using an ED25519 public key.

2. Create a local user on the VM.

3. Attempt to log in to the VM using SSH with the local user and a password.

Expected Behavior:

SSH login should be restricted to the configured ED25519 public key. Password-based authentication should be disabled for security reasons, as it is in other SLES image versions.

I suspect this might be due to a misconfiguration in the sshd_config file, such as "PasswordAuthentication no" not being added to the config file. However, adding "PasswordAuthentication no" does not solve password-based authentication issues.

I'm also unsure where to report this issue. Could someone advise where I should report this potential bug, or provide information on any official channels?

I am attaching sshd_config herewith.

Thank you for your assistance! sshd_conf.txt

Accepted answer
  1. deherman-MSFT 36,831 Reputation points Microsoft Employee
    2024-08-20T16:43:53.53+00:00

    @Saikat P

    The image is owned and managed by SUSE. If you feel they should update the image to disallow password by default you can reach out to them. However, many users do still use password logins. It is up to individual users to manage their configurations.

    I can see the default configuration for SUSE SP6 has UsePam set to yes. To disable password login please add both of these lines to sshd_config:

    PasswordAuthentication no

    ChallengeResponseAuthentication no

    For more information on this please see these other forum discussions.

    SSH PasswordAuthentication vs ChallengeResponseAuthentication

    Disabling password authentication

    Practical Effects of Setting “UsePAM yes” on SSH in Linux


    If you still have questions, please let us know in the "comments" and we would be happy to help you. Comment is the fastest way of notifying the experts.

    If the answer has been helpful, we appreciate hearing from you and would love to help others who may have the same question. Accepting answers helps increase visibility of this question for other members of the Microsoft Q&A community.

    Thank you for helping to improve Microsoft Q&A!

    Disclaimer: This response contains a reference to a third-party World Wide Web site. Microsoft is providing this information as a convenience to you. Microsoft does not control these sites and has not tested any software or information found on these sites; therefore, Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there.

    There are inherent dangers in the use of any software found on the Internet, and Microsoft cautions you to make sure that you completely understand the risk before retrieving any software from the Internet.
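
Added example, not part of the original thread and not SUSE or Microsoft tooling: a shell function that reads the effective configuration printed by `sshd -T` and reports whether either of the two settings named in the answer still leaves a password path open. The function names and the sample `sshd -T` lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads `sshd -T` output on stdin, prints one line per check,
# and returns 0 only when both password paths are closed.
audit_sshd_effective() {
    awk '
        BEGIN { pw = kbd = pam = "unset" }
        { key = tolower($1); val = tolower($2) }
        key == "passwordauthentication" { pw = val }
        # Newer OpenSSH prints kbdinteractiveauthentication; older releases
        # print challengeresponseauthentication for the same setting.
        key == "kbdinteractiveauthentication" || key == "challengeresponseauthentication" { kbd = val }
        key == "usepam" { pam = val }
        END {
            bad = 0
            if (pw == "no") { print "OK   passwordauthentication=no" }
            else { print "FAIL passwordauthentication=" pw; bad = 1 }
            # With UsePAM yes, keyboard-interactive lets PAM prompt for the
            # account password even when PasswordAuthentication is no.
            if (kbd == "no") { print "OK   kbdinteractiveauthentication=no" }
            else { print "FAIL kbdinteractiveauthentication=" kbd " (usepam=" pam ")"; bad = 1 }
            exit bad
        }'
}

# Constructed sample: only "PasswordAuthentication no" was added.
sample_partial_fix() {
    printf '%s\n' 'usepam yes' 'pubkeyauthentication yes' \
        'passwordauthentication no' 'kbdinteractiveauthentication yes'
}

# Constructed sample: both lines from the answer are in effect.
sample_both_off() {
    printf '%s\n' 'usepam yes' 'pubkeyauthentication yes' \
        'passwordauthentication no' 'kbdinteractiveauthentication no'
}

if [ "${1:-}" = "--live" ]; then
    # Run as root on the VM: audits what the installed sshd would actually use.
    sshd -T | audit_sshd_effective
else
    sample_partial_fix | audit_sshd_effective || true
fi
```

Because `sshd -T` prints the configuration after all files are merged, this also catches a value that is set somewhere other than the line just edited; restart sshd after changing the file, then re-run with `--live`.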

