bug-guix

bug#44808: Default to allowing password authentication on leaves users v


From: Dr. Arne Babenhauserheide
Subject: bug#44808: Default to allowing password authentication on leaves users vulnerable
Date: Mon, 07 Dec 2020 13:56:04 +0100
User-agent: mu4e 1.4.13; emacs 27.1

Ludovic Courtès <ludo@gnu.org> writes:

>>> #2 is more thorough but also more risky: people could find themselves
>>> locked out of their server after reconfiguration, though this could be
>>> mitigated by a news entry.
>>>
>>> Thoughts?

My thoughts are that there is no mitigation for being locked out of a
pre-existing server. Keep in mind that that server might not actually be
accessible in any other way — it might be with a cheap hoster whose
support is practically non-existent, or it might be in a sealed
measurement container that can only be accessed via SSH without
disassembly.

>> We could also do a combination of the above, as a transitional plan:
>> do #1 for now, but try to advertise that in the future, the default will
>> be changing... please explicitly set password access to #t if you need
>> this!  Then in the *following* release, change the default.

This sounds like trying to retroactively fix a problem at the wrong
place: If the installer creates a configuration which prevents
password-authentication, there is no problem for new systems, and new
users who need password-authentication will explicitly see in the
config that they have to change it, otherwise it won’t work. All the
while old systems will keep working.

I do need to access my system via password+ssh from time to time,
because I don’t want to have a key that can access my system on a
presentation-laptop that (due to being moved regularly) is much less
secure than the fixed system. If someone gets access to the laptop and
compromises my keys, they can run much more efficient attacks against
its ssh-keys' password than the attacks people can use to attack ssh via
internet.

Changing a default (an invisible setting) in a way that prevents access
is a serious disruption.

In short: please don’t break running systems on update.

Best wishes,
Arne
-- 
To be unpolitical
means to be political
without noticing it
