GNU bug report logs - #44808
Default to allowing password authentication on leaves users vulnerable

Previous Next

Full log

View this message in rfc822 format

From: raid5atemyhomework <raid5atemyhomework <at> protonmail.com>
To: "44808 <at> debbugs.gnu.org" <44808 <at> debbugs.gnu.org>
Subject: bug#44808: Default to allowing password authentication on leaves users vulnerable
Date: Thu, 11 Feb 2021 07:46:51 +0000

Hi guix users,

It strikes me that a better course of action here would be, rather than providing a warning that might not be noticed by the user, to remove the default and force people to explicitly put `password-authentication? #t` or `password-authentication? #f`.

That way if I have set up a headless server (possibly having a temporary keyboard/mouse/monitor during initial install, then forever logging in afterwards over intranet using my super secret password "raid5isnotagooddog"), with an existing `configuration.scm` that does not explicitly give the setting, I cannot accidentally lose access to my headless server by doing a random `guix pull && sudo guix system reconfigure configuration.scm` without noticing the warning.

Especially since there exists an `unattended-upgrades-service-type` which automates this `guix pull && sudo guix system reconfigure configuration.scm`, which makes changing this default ***VERY DANGEROUS*** in this use-case.  I'd rather I noticeably error out in this case.

Then later after a year give a "sane" default, after people who have depended on the existing `password-authentication? #t` have already  explicitly put the setting in their `configuration.scm`.

Thanks
raid5atemyhomework

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.