bug#44808: Default to allowing password authentication on leaves users vulnerable

unofficial mirror of bug-guix@gnu.org 
 help / color / mirror / code / Atom feed

From: Mark H Weaver <mhw@netris.org>
To: "Ludovic Courtès" <ludo@gnu.org>
Cc: maxim.cournoyer@gmail.com, 44808@debbugs.gnu.org
Subject: bug#44808: Default to allowing password authentication on leaves users vulnerable
Date: Tue, 08 Dec 2020 20:31:16 -0500	[thread overview]
Message-ID: <87lfe7ydc0.fsf@netris.org> (raw)
In-Reply-To: <87wnxswpmk.fsf@gnu.org>

Hi Ludovic,

Ludovic Courtès <ludo@gnu.org> writes:

> Mark H Weaver <mhw@netris.org> skribis:
>
>> "Dr. Arne Babenhauserheide" <arne_bab@web.de> writes:
>>> To nudge them to secure their system, guix system reconfigure could emit
>>> a warning that this is a potential security risk that requires setting
>>> an explicit value (password yes or no) to silence.
>>
>> I think this is a good idea.  Likewise, in the Guix installer, I would
>> favor asking the user whether or not to enable password authentication,
>> after warning them that it is a security risk.
>>
>> I agree with Chris that password authentication is a significant
>> security risk, but I also worry that if we simply disable it, it will
>> catch some users by surprise and they may be quite unhappy about it.
>
> What do you think of the approach in
> <https://git.savannah.gnu.org/cgit/guix.git/commit/?id=aecd2a13cbd8301d0fdeafcacbf69e12cc3f6138>?

One problem, which I just discovered, is that it warns users even if
they don't have an 'openssh-service' in their system configuration.
(For that reason, I just reverted this commit on my private branch).

> The default is unchanged but the warning could be kept say until the
> next release, at which point we’d change the default.
>
> Or are you suggesting keeping the default unchanged?

I don't feel strongly about what the default setting should be, as long
as we ensure that users are somehow made aware of the change before it
happens, and are given the opportunity (and preferably easy instructions
on how) to keep password authentication enabled if they wish.

I also think that the installer should explicitly ask the user what the
setting should be, so that we do not catch new users off guard who
expected to be able to ssh in to their newly-installed systems using
only a password.

If the plan is to change the default setting and issue warnings in the
meantime, it should be easy to silence those warnings, especially for
those of us who don't even use openssh-service :)

What do you think?

      Regards,
        Mark

next prev parent reply	other threads:[~2020-12-09  1:33 UTC|newest]

Thread overview: 24+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-11-22 23:20 bug#44808: Default to allowing password authentication on leaves users vulnerable Christopher Lemmer Webber
2020-11-23  2:32 ` Taylan Kammer
2020-11-23  3:46   ` raingloom
2020-11-23 16:15     ` Christopher Lemmer Webber
2020-11-23  3:57 ` Carlo Zancanaro
2020-11-23 16:17   ` Christopher Lemmer Webber
2020-11-30  3:58     ` Maxim Cournoyer
2020-12-05 15:14       ` Ludovic Courtès
2020-12-05 18:22         ` Christopher Lemmer Webber
2020-12-07 11:51           ` Ludovic Courtès
2020-12-07 12:56             ` Dr. Arne Babenhauserheide
2020-12-07 16:48               ` Christopher Lemmer Webber
2020-12-07 19:53                 ` Dr. Arne Babenhauserheide
2020-12-07 22:57                   ` Mark H Weaver
2020-12-08 10:36                     ` Ludovic Courtès
2020-12-09  1:31                       ` Mark H Weaver [this message]
2020-12-10  8:17                         ` Ludovic Courtès
2020-12-11  1:43                           ` Mark H Weaver
2020-12-11 18:10                             ` Ludovic Courtès
2020-12-08 13:48                     ` Christopher Lemmer Webber
2020-12-07 19:40           ` Leo Famulari
2020-12-07 21:38             ` Christopher Lemmer Webber
2021-02-11  7:46 ` raid5atemyhomework via Bug reports for GNU Guix
2021-02-11 20:36   ` Leo Famulari

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://guix.gnu.org/

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87lfe7ydc0.fsf@netris.org \
    --to=mhw@netris.org \
    --cc=44808@debbugs.gnu.org \
    --cc=ludo@gnu.org \
    --cc=maxim.cournoyer@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).