bug#44808: Default to allowing password authentication on leaves users v

bug-guix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#44808: Default to allowing password authentication on leaves users v

From:	Ludovic Courtès
Subject:	bug#44808: Default to allowing password authentication on leaves users vulnerable
Date:	Mon, 07 Dec 2020 12:51:54 +0100
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux)

Hi Chris,

Christopher Lemmer Webber <cwebber@dustycloud.org> skribis:

> Ludovic Courtès writes:

[...]

>> Agreed.  There are several ways to do that:
>>
>>   1. Have the installer emit an ‘openssh-configuration’ that explicitly
>>      disables password authentication.
>>
>>   2. Change the default value of the relevant field in
>>      <openssh-configuration>.
>>
>> #2 is more thorough but also more risky: people could find themselves
>> locked out of their server after reconfiguration, though this could be
>> mitigated by a news entry.
>>
>> Thoughts?
>>
>> Ludo’.
>
> We could also do a combination of the above, as a transitional plan:
> do #1 for now, but try to advertise that in the future, the default will
> be changing... please explicitly set password access to #t if you need
> this!  Then in the *following* release, change the default.
>
> This seems like a reasonable transition plan, kind of akin to a
> deprecation process?

Sounds like a plan.  I went ahead and pushed
aecd2a13cbd8301d0fdeafcacbf69e12cc3f6138 which does this.

Thanks,
Ludo’.

[Prev in Thread]

Current Thread

[Next in Thread]

bug#44808: Default to allowing password authentication on leaves users vulnerable, Ludovic Courtès, 2020/12/05
- bug#44808: Default to allowing password authentication on leaves users vulnerable, Christopher Lemmer Webber, 2020/12/05
  - bug#44808: Default to allowing password authentication on leaves users vulnerable, Ludovic Courtès <=
    - bug#44808: Default to allowing password authentication on leaves users vulnerable, Dr. Arne Babenhauserheide, 2020/12/07
    - bug#44808: Default to allowing password authentication on leaves users vulnerable, Christopher Lemmer Webber, 2020/12/07
    - bug#44808: Default to allowing password authentication on leaves users vulnerable, Dr. Arne Babenhauserheide, 2020/12/07
    - bug#44808: Default to allowing password authentication on leaves users vulnerable, Mark H Weaver, 2020/12/07
    - bug#44808: Default to allowing password authentication on leaves users vulnerable, Ludovic Courtès, 2020/12/08
    - bug#44808: Default to allowing password authentication on leaves users vulnerable, Mark H Weaver, 2020/12/08
    - bug#44808: Default to allowing password authentication on leaves users vulnerable, Ludovic Courtès, 2020/12/10
    - bug#44808: Default to allowing password authentication on leaves users vulnerable, Mark H Weaver, 2020/12/10
    - bug#44808: Default to allowing password authentication on leaves users vulnerable, Ludovic Courtès, 2020/12/11
    - bug#44808: Default to allowing password authentication on leaves users vulnerable, Christopher Lemmer Webber, 2020/12/08

Prev by Date: bug#26715: xorg-service includes xf86-video-intel unconditionally
Next by Date: bug#45069: BUG: Re: guix environment: error: cannot create container: unprivileged user cannot create user namespaces
Previous by thread: bug#44808: Default to allowing password authentication on leaves users vulnerable
Next by thread: bug#44808: Default to allowing password authentication on leaves users vulnerable
Index(es):
- Date
- Thread