obmc-console: Allow SOL over SSH only for admin
Currently SOL over SSH is enabled for all the users.
Restricting the same to admin privilege user only (priv-admin)
for security reasons, without which any user will be
able to establish the connection
Tested:
1. Verified by establishing ssh -p 2200 on priv-admin user
and authentication works as expected
2. verified that non-admin users authentication fails as
expected
(From meta-phosphor rev: 9fe68f9906a99c38758ca9ddaa72432b17841af2)
Change-Id: I7cd4a1a0c6ac85c2df277006192ee2cf6616edd8
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
diff --git a/meta-phosphor/recipes-phosphor/console/obmc-console/obmc-console-ssh@.service b/meta-phosphor/recipes-phosphor/console/obmc-console/obmc-console-ssh@.service
index 82ffe79..abd863a 100644
--- a/meta-phosphor/recipes-phosphor/console/obmc-console/obmc-console-ssh@.service
+++ b/meta-phosphor/recipes-phosphor/console/obmc-console/obmc-console-ssh@.service
@@ -5,7 +5,7 @@
[Service]
Environment="DROPBEAR_RSAKEY_DIR=/etc/dropbear"
EnvironmentFile={envfiledir}/dropbear
-ExecStart=-/usr/bin/env dropbear -i -r ${{DROPBEAR_RSAKEY_DIR}}/dropbear_rsa_host_key -c "/usr/bin/env obmc-console-client" $DROPBEAR_EXTRA_ARGS
+ExecStart=-/usr/bin/env dropbear -i -r ${{DROPBEAR_RSAKEY_DIR}}/dropbear_rsa_host_key -c "/usr/bin/env obmc-console-client" -G priv-admin $DROPBEAR_EXTRA_ARGS
SyslogIdentifier=dropbear
ExecReload={base_bindir}/kill -HUP $MAINPID
StandardInput=socket