GNU bug report logs - #26695
openssh password-authentication? should be #f by default

Previous Next

Package: guix;

Reported by: Christopher Allan Webber <cwebber <at> dustycloud.org>

Date: Fri, 28 Apr 2017 14:38:02 UTC

Severity: normal

Done: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
To: 26695 <at> debbugs.gnu.org, cwebber <at> dustycloud.org
Subject: bug#26695: openssh password-authentication? should be #f by default
Date: Fri, 28 Apr 2017 09:09:51 -0700

On April 28, 2017 7:37:13 AM PDT, Christopher Allan Webber <cwebber <at> dustycloud.org> wrote:
>Our default permits password authentication for the openssh service
>(and
>the others it seems) by default in Guix.  This is somewhat dangerous
>because this is a much easier to break in this way, and some users
>might
>not assume the default is reasonably safe.  If users really want
>password-authentication, they should turn it on explicitly.

+1. Although it means the keys will have to be copied by another mean than the "ssh-copy-id" script. Maybe the configuration could accept the public key? :) I haven't checked if this is already possible.

This bug report was last modified 1 year and 261 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #26695 openssh password-authentication? should be #f by default

GNU bug report logs - #26695
openssh password-authentication? should be #f by default