From: raid5atemyhomework
Subject: bug#44808: Default to allowing password authentication on leaves users vulnerable
Date: Thu, 11 Feb 2021 07:46:51 +0000

Hi guix users,

It strikes me that a better course of action here would be, rather than
providing a warning that might not be noticed by the user, to remove the
default and force people to explicitly put `password-authentication? #t` or
`password-authentication? #f`.

That way if I have set up a headless server (possibly having a temporary
keyboard/mouse/monitor during initial install, then forever logging in
afterwards over intranet using my super secret password "raid5isnotagooddog"),
with an existing `configuration.scm` that does not explicitly give the setting,
I cannot accidentally lose access to my headless server by doing a random `guix
pull && sudo guix system reconfigure configuration.scm` without noticing the
warning.

Especially since there exists an `unattended-upgrades-service-type` which
automates this `guix pull && sudo guix system reconfigure configuration.scm`,
which makes changing this default ***VERY DANGEROUS*** in this use-case. I'd
rather I noticeably error out in this case.

Then later after a year give a "sane" default, after people who have depended
on the existing `password-authentication? #t` have already explicitly put the
setting in their `configuration.scm`.

Thanks
raid5atemyhomework
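
A pre-flight check in the spirit of this proposal, as an added example that is not part of the original message or of Guix itself: it parses a `configuration.scm` and reports whether each SSH configuration record sets `password-authentication?` explicitly or silently relies on the default. It assumes sshd is configured through Guix's `openssh-configuration` record (not named in the message); the function names and both sample configurations are constructed for illustration.

```python
import re

RECORD = "openssh-configuration"    # assumption: the Guix record that configures sshd
FIELD = "password-authentication?"  # the field discussed in this message
TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|;[^\n]*|[()\[\]]|[^\s()\[\]";]+')

def parse(text):
    """Parse Scheme source into nested lists; ';' comments are dropped.
    Simplification: block comments and character literals are not handled."""
    stack = [[]]
    for tok in TOKEN.findall(text):
        if tok.startswith(";"):
            continue
        if tok in ("(", "["):
            stack.append([])
        elif tok in (")", "]"):
            if len(stack) == 1:
                raise ValueError("unbalanced closing parenthesis")
            form = stack.pop()
            stack[-1].append(form)
        else:
            stack[-1].append(tok)
    if len(stack) != 1:
        raise ValueError("unbalanced opening parenthesis")
    return stack[0]

def records(tree):
    """Yield every (openssh-configuration ...) form, at any nesting depth."""
    for node in tree:
        if isinstance(node, list):
            if node and node[0] == RECORD:
                yield node
            yield from records(node)

def explicit_values(text):
    """One entry per record: the explicit field value, or None if the default is used."""
    out = []
    for rec in records(parse(text)):
        hits = [f[1] for f in rec[1:]
                if isinstance(f, list) and len(f) == 2 and f[0] == FIELD]
        out.append(hits[0] if hits else None)
    return out

# Constructed sample configurations, not taken from the thread.
IMPLICIT = """(operating-system
  (services (cons* (service openssh-service-type
                            (openssh-configuration   ; password-authentication? not set
                              (permit-root-login 'prohibit-password)))
                   %base-services)))"""
EXPLICIT = IMPLICIT.replace("(permit-root-login",
                            "(password-authentication? #f)\n (permit-root-login")
```

A `None` entry marks a record whose behaviour would change if the default changed; an empty list means no `openssh-configuration` form was found, which also relies on defaults when the service is declared without a record.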