[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#44808: Default to allowing password authentication on leaves users v
|
From: |
Mark H Weaver |
|
Subject: |
bug#44808: Default to allowing password authentication on leaves users vulnerable |
|
Date: |
Tue, 08 Dec 2020 20:31:16 -0500 |
Hi Ludovic,
Ludovic Courtès <ludo@gnu.org> writes:
> Mark H Weaver <mhw@netris.org> skribis:
>
>> "Dr. Arne Babenhauserheide" <arne_bab@web.de> writes:
>>> To nudge them to secure their system, guix system reconfigure could emit
>>> a warning that this is a potential security risk that requires setting
>>> an explicit value (password yes or no) to silence.
>>
>> I think this is a good idea. Likewise, in the Guix installer, I would
>> favor asking the user whether or not to enable password authentication,
>> after warning them that it is a security risk.
>>
>> I agree with Chris that password authentication is a significant
>> security risk, but I also worry that if we simply disable it, it will
>> catch some users by surprise and they may be quite unhappy about it.
>
> What do you think of the approach in
> <https://git.savannah.gnu.org/cgit/guix.git/commit/?id=aecd2a13cbd8301d0fdeafcacbf69e12cc3f6138>?
One problem, which I just discovered, is that it warns users even if
they don't have an 'openssh-service' in their system configuration.
(For that reason, I just reverted this commit on my private branch).
> The default is unchanged but the warning could be kept say until the
> next release, at which point we’d change the default.
>
> Or are you suggesting keeping the default unchanged?
I don't feel strongly about what the default setting should be, as long
as we ensure that users are somehow made aware of the change before it
happens, and are given the opportunity (and preferably easy instructions
on how) to keep password authentication enabled if they wish.
I also think that the installer should explicitly ask the user what the
setting should be, so that we do not catch new users off guard who
expected to be able to ssh in to their newly-installed systems using
only a password.
If the plan is to change the default setting and issue warnings in the
meantime, it should be easy to silence those warnings, especially for
those of us who don't even use openssh-service :)
What do you think?
Regards,
Mark
- bug#44808: Default to allowing password authentication on leaves users vulnerable, Ludovic Courtès, 2020/12/05
- bug#44808: Default to allowing password authentication on leaves users vulnerable, Christopher Lemmer Webber, 2020/12/05
- bug#44808: Default to allowing password authentication on leaves users vulnerable, Ludovic Courtès, 2020/12/07
- bug#44808: Default to allowing password authentication on leaves users vulnerable, Dr. Arne Babenhauserheide, 2020/12/07
- bug#44808: Default to allowing password authentication on leaves users vulnerable, Christopher Lemmer Webber, 2020/12/07
- bug#44808: Default to allowing password authentication on leaves users vulnerable, Dr. Arne Babenhauserheide, 2020/12/07
- bug#44808: Default to allowing password authentication on leaves users vulnerable, Mark H Weaver, 2020/12/07
- bug#44808: Default to allowing password authentication on leaves users vulnerable, Ludovic Courtès, 2020/12/08
- bug#44808: Default to allowing password authentication on leaves users vulnerable,
Mark H Weaver <=
- bug#44808: Default to allowing password authentication on leaves users vulnerable, Ludovic Courtès, 2020/12/10
- bug#44808: Default to allowing password authentication on leaves users vulnerable, Mark H Weaver, 2020/12/10
- bug#44808: Default to allowing password authentication on leaves users vulnerable, Ludovic Courtès, 2020/12/11
- bug#44808: Default to allowing password authentication on leaves users vulnerable, Christopher Lemmer Webber, 2020/12/08
bug#44808: Default to allowing password authentication on leaves users vulnerable, Leo Famulari, 2020/12/07