[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#44808: Default to allowing password authentication on leaves users v
From: |
Ludovic Courtès |
Subject: |
bug#44808: Default to allowing password authentication on leaves users vulnerable |
Date: |
Sat, 05 Dec 2020 16:14:35 +0100 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) |
Hi!
Maxim Cournoyer <maxim.cournoyer@gmail.com> skribis:
>>> I'm on board with what you're proposing, and I think Guix should
>>> default to the more secure option, but I'm not sure that an
>>> "average user" (whatever that means for Guix's demographic) would
>>> expect that password authentication is disabled by default.
>>
>> That's fair... I think that
>> "[ ] Password authentication? (insecure)"
>> would be sufficient as an option. How do others feel?
>
> I'm +1 on disabling password access out of the box; especially since
> Guix System makes it easy to authorize SSH keys at installation time.
> We'd have to see if it breaks any of our system tests, but I doubt so.
Agreed. There are several ways to do that:
1. Have the installer emit an ‘openssh-configuration’ that explicitly
disables password authentication.
2. Change the default value of the relevant field in
<openssh-configuration>.
#2 is more thorough but also more risky: people could find themselves
locked out of their server after reconfiguration, though this could be
mitigated by a news entry.
Thoughts?
Ludo’.
- bug#44808: Default to allowing password authentication on leaves users vulnerable,
Ludovic Courtès <=
- bug#44808: Default to allowing password authentication on leaves users vulnerable, Christopher Lemmer Webber, 2020/12/05
- bug#44808: Default to allowing password authentication on leaves users vulnerable, Ludovic Courtès, 2020/12/07
- bug#44808: Default to allowing password authentication on leaves users vulnerable, Dr. Arne Babenhauserheide, 2020/12/07
- bug#44808: Default to allowing password authentication on leaves users vulnerable, Christopher Lemmer Webber, 2020/12/07
- bug#44808: Default to allowing password authentication on leaves users vulnerable, Dr. Arne Babenhauserheide, 2020/12/07
- bug#44808: Default to allowing password authentication on leaves users vulnerable, Mark H Weaver, 2020/12/07
- bug#44808: Default to allowing password authentication on leaves users vulnerable, Ludovic Courtès, 2020/12/08
- bug#44808: Default to allowing password authentication on leaves users vulnerable, Mark H Weaver, 2020/12/08
- bug#44808: Default to allowing password authentication on leaves users vulnerable, Ludovic Courtès, 2020/12/10
- bug#44808: Default to allowing password authentication on leaves users vulnerable, Mark H Weaver, 2020/12/10