bug#44808: Default to allowing password authentication on leaves users vulnerable

["Ludovic Courtès" <ludo@gnu.org>]

Hi Mark,

Mark H Weaver <mhw@netris.org> skribis:

> Ludovic Courtès <ludo@gnu.org> writes:

[...]

>> What do you think of the approach in
>> <https://git.savannah.gnu.org/cgit/guix.git/commit/?id=aecd2a13cbd8301d0fdeafcacbf69e12cc3f6138>?
>
> One problem, which I just discovered, is that it warns users even if
> they don't have an 'openssh-service' in their system configuration.

Could it be that you have a childhurd or some other service that uses
‘openssh-service-type’?  What source code location is associated with
that warning?

>> The default is unchanged but the warning could be kept say until the
>> next release, at which point we’d change the default.
>>
>> Or are you suggesting keeping the default unchanged?
>
> I don't feel strongly about what the default setting should be, as long
> as we ensure that users are somehow made aware of the change before it
> happens, and are given the opportunity (and preferably easy instructions
> on how) to keep password authentication enabled if they wish.
>
> I also think that the installer should explicitly ask the user what the
> setting should be, so that we do not catch new users off guard who
> expected to be able to ssh in to their newly-installed systems using
> only a password.

Yeah, we can do that; it’s a bit of extra complexity in the installer,
but perhaps that’ll be useful to configure other services as well.

> If the plan is to change the default setting and issue warnings in the
> meantime, it should be easy to silence those warnings, especially for
> those of us who don't even use openssh-service :)

Agreed.  :-)  Normally, if you explicitly set the field, the warning
disappears.

Thanks,
Ludo’.