Apply regreSSHion mitigation (#225)

Signed-off-by: tylertitsworth <tyler.titsworth@intel.com>
Signed-off-by: Tyler Titsworth <tyler.titsworth@intel.com>

Author: Tyler Titsworth

preset/deep-learning/Dockerfile

@@ -421,7 +421,8 @@ RUN apt-get install -y --no-install-recommends --fix-missing \
         /etc/ssh/ssh_host_*_key.pub && \
     rm -rf /var/lib/apt/lists/*
 
-RUN mkdir -p /var/run/sshd
+RUN mkdir -p /var/run/sshd && \
+    echo 'LoginGraceTime 0' >> /etc/ssh/sshd_config
 
 # https://github.com/openucx/ucx/issues/4742#issuecomment-584059909
 ENV UCX_TLS=ud,sm,self

pytorch/Dockerfile

@@ -134,6 +134,8 @@ RUN echo 'HostKey /etc/ssh/ssh_host_dsa_key' > /var/run/sshd_config && \
     echo '## Enable DEBUG log. You can ignore this but this may help you debug any issue while enabling SSHD for the first time' > /var/run/sshd_config && \
     echo 'LogLevel DEBUG3' > /var/run/sshd_config && \
     echo 'UsePAM yes' > /var/run/sshd_config && \
+    echo 'LoginGraceTime 0' >> /var/run/sshd_config && \
+    echo 'LoginGraceTime 0' >> /etc/ssh/sshd_config && \
     echo 'Subsystem       sftp    /usr/lib/openssh/sftp-server' > /var/run/sshd_config
 
 RUN mkdir -p /licensing

tensorflow/Dockerfile

@@ -106,7 +106,8 @@ ENV OMPI_ALLOW_RUN_AS_ROOT_CONFIRM=1
 ENV OMPI_MCA_tl_tcp_if_exclude="lo,docker0"
 
 # Install OpenSSH for MPI to communicate between containers
-RUN mkdir -p /var/run/sshd
+RUN mkdir -p /var/run/sshd && \
+    echo 'LoginGraceTime 0' >> /etc/ssh/sshd_config
 
 # Install Horovod
 ARG HOROVOD_WITH_TENSORFLOW=1

workflows/charts/huggingface-llm/Dockerfile

@@ -56,6 +56,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends --fix-missing \
 RUN mkdir -p /var/run/sshd && \
     cat /etc/ssh/ssh_config | grep -v StrictHostKeyChecking > /etc/ssh/ssh_config.new && \
     echo "    StrictHostKeyChecking no" >> /etc/ssh/ssh_config.new && \
+    echo 'LoginGraceTime 0' >> /etc/ssh/sshd_config && \
     mv /etc/ssh/ssh_config.new /etc/ssh/ssh_config
 
 COPY scripts /workspace/scripts/