bug#44808: Default to allowing password authentication on leaves users v

bug-guix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#44808: Default to allowing password authentication on leaves users v

From:	Mark H Weaver
Subject:	bug#44808: Default to allowing password authentication on leaves users vulnerable
Date:	Mon, 07 Dec 2020 17:57:45 -0500

Hi,

"Dr. Arne Babenhauserheide" <arne_bab@web.de> writes:
> To nudge them to secure their system, guix system reconfigure could emit
> a warning that this is a potential security risk that requires setting
> an explicit value (password yes or no) to silence.

I think this is a good idea.  Likewise, in the Guix installer, I would
favor asking the user whether or not to enable password authentication,
after warning them that it is a security risk.

I agree with Chris that password authentication is a significant
security risk, but I also worry that if we simply disable it, it will
catch some users by surprise and they may be quite unhappy about it.

     Regards,
       Mark

[Prev in Thread]

Current Thread

[Next in Thread]

bug#44808: Default to allowing password authentication on leaves users vulnerable, Ludovic Courtès, 2020/12/05
- bug#44808: Default to allowing password authentication on leaves users vulnerable, Christopher Lemmer Webber, 2020/12/05
  - bug#44808: Default to allowing password authentication on leaves users vulnerable, Ludovic Courtès, 2020/12/07
    - bug#44808: Default to allowing password authentication on leaves users vulnerable, Dr. Arne Babenhauserheide, 2020/12/07
    - bug#44808: Default to allowing password authentication on leaves users vulnerable, Christopher Lemmer Webber, 2020/12/07
    - bug#44808: Default to allowing password authentication on leaves users vulnerable, Dr. Arne Babenhauserheide, 2020/12/07
    - bug#44808: Default to allowing password authentication on leaves users vulnerable, Mark H Weaver <=
    - bug#44808: Default to allowing password authentication on leaves users vulnerable, Ludovic Courtès, 2020/12/08
    - bug#44808: Default to allowing password authentication on leaves users vulnerable, Mark H Weaver, 2020/12/08
    - bug#44808: Default to allowing password authentication on leaves users vulnerable, Ludovic Courtès, 2020/12/10
    - bug#44808: Default to allowing password authentication on leaves users vulnerable, Mark H Weaver, 2020/12/10
    - bug#44808: Default to allowing password authentication on leaves users vulnerable, Ludovic Courtès, 2020/12/11
    - bug#44808: Default to allowing password authentication on leaves users vulnerable, Christopher Lemmer Webber, 2020/12/08
  - bug#44808: Default to allowing password authentication on leaves users vulnerable, Leo Famulari, 2020/12/07
    - bug#44808: Default to allowing password authentication on leaves users vulnerable, Christopher Lemmer Webber, 2020/12/07

Prev by Date: bug#44808: Default to allowing password authentication on leaves users vulnerable
Next by Date: bug#45109: GNOME: unable to change alert "beep" sound since staging merge
Previous by thread: bug#44808: Default to allowing password authentication on leaves users vulnerable
Next by thread: bug#44808: Default to allowing password authentication on leaves users vulnerable
Index(es):
- Date
- Thread