Subject: bug#44808: Default to allowing password authentication on leaves users vulnerable
From: Christopher Lemmer Webber
To: 44808@debbugs.gnu.org
Date: Sun, 22 Nov 2020 18:20:28 -0500
Message-ID: <878sat3rnn.fsf@dustycloud.org>
Okay, I just realized I left a friend vulnerable by guiding them through a Guix graphical install and telling them it would give them a decent setup. They turned on openssh support. Then I realized their config had password-authentication? on.

That's unacceptable. We need to change this default. This is known to leave users open to attack, and selecting a password secure enough against brute forcing is fairly difficult, much more difficult than only allowing entry by keys. Plus, few distributions do what we're doing anymore, precisely because of wanting to be secure by default.

Yes, I know some people want password authentication on as part of a bootstrapping process. Fine... those users know to put it on. Let's not leave our users open to attack by default though.

Happy to produce a patch and change the documentation, but I'd like to hear that we have consensus to make this change. But we should, because otherwise I think we're going to hurt users.

- Chris
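As an added illustration (not part of the bug report, and not Guix's own code), here is the openssh-service-type stanza the report is about with the password-authentication? field set explicitly to #f, and a public key provisioned first so the change does not lock the user out; the user name "alice" and the key file "alice.pub" are placeholder values, and the other operating-system fields are omitted.

```scheme
;; Added example, not from the bug report: an operating-system fragment for
;; Guix that turns SSH password authentication off explicitly instead of
;; relying on the default the report complains about.
(use-modules (gnu))
(use-service-modules ssh)

(operating-system
  ;; host-name, file-systems, users, etc. omitted for brevity
  (services
   (append
    (list
     (service openssh-service-type
              (openssh-configuration
               ;; Guessing a password is far cheaper for an attacker than
               ;; forging a key, so refuse password logins entirely.
               (password-authentication? #f)
               ;; Keep root off SSH altogether.
               (permit-root-login #f)
               ;; Install the user's public key before disabling passwords;
               ;; otherwise the account is unreachable over SSH after
               ;; reconfiguring. "alice" / "alice.pub" are placeholders.
               (authorized-keys
                `(("alice" ,(local-file "alice.pub")))))))
    %base-services))))
```

After `guix system reconfigure`, a check such as `ssh -o PubkeyAuthentication=no alice@host` should be refused outright rather than prompting for a password.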