Subject: bug#44808: Default to allowing password authentication on leaves users vulnerable
From: Leo Famulari
To: Christopher Lemmer Webber
Cc: Maxim Cournoyer, 44808@debbugs.gnu.org
Date: Mon, 7 Dec 2020 14:40:15 -0500
In-Reply-To: <87k0twkt9c.fsf@dustycloud.org>
References: <878sat3rnn.fsf@dustycloud.org> <874klgybbs.fsf@zancanaro.id.au> <87im9w2gjt.fsf@dustycloud.org> <87im9nmr5u.fsf@gmail.com> <87eek45lpg.fsf@gnu.org> <87k0twkt9c.fsf@dustycloud.org>
List-Id: Bug reports for GNU Guix
On Sat, Dec 05, 2020 at 01:22:23PM -0500, Christopher Lemmer Webber wrote:
> > 2. Change the default value of the relevant field in
> > .
> >
> > #2 is more thorough but also more risky: people could find themselves
> > locked out of their server after reconfiguration, though this could be
> > mitigated by a news entry.

I do think we should avoid changing the default. I know that passphrases are inherently riskier than keys — compromise is more likely than with a key, but I think it's even more likely that people will lose access to their servers if we change this default.

How bad is the risk, from a practical perspective? How many times per second can a remote attacker attempt passphrase authentication? If the number is high, we could petition OpenSSH to introduce a delay.
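The setting under discussion, as an added example that is not part of this thread: two `openssh-service-type` declarations for a Guix `operating-system`, the first keeping the current default (password authentication allowed), the second turning it off while installing a public key in the same reconfigure so the operator is not locked out. The field names (`password-authentication?`, `challenge-response-authentication?`, `authorized-keys`, `permit-root-login`) are taken from the `openssh-configuration` record as documented in the Guix manual, not from this message; "alice" and "alice.pub" are placeholders.

```scheme
;; Added example, not code from the bug thread.  Field names follow the
;; Guix manual's `openssh-configuration' record; "alice"/"alice.pub" are
;; placeholders for a real user and that user's public key file.
(use-modules (gnu)
             (gnu services ssh)
             (guix gexp))

;; Current default: password-authentication? is #t unless overridden,
;; so this declaration accepts password logins for every local user.
(define ssh-default
  (service openssh-service-type
           (openssh-configuration
            (permit-root-login #f))))

;; Key-only form.  The authorized key is declared in the same
;; reconfigure as the flag change, so key login is possible before
;; password login stops working.  challenge-response-authentication?
;; is also disabled: with PAM enabled, keyboard-interactive auth can
;; otherwise still accept a password even when PasswordAuthentication
;; is "no".
(define ssh-key-only
  (service openssh-service-type
           (openssh-configuration
            (permit-root-login #f)
            (password-authentication? #f)
            (challenge-response-authentication? #f)
            (authorized-keys
             `(("alice" ,(local-file "alice.pub")))))))
```

Either value goes in the `services` field of the `operating-system` declaration. Before running `guix system reconfigure` with the key-only variant, confirm from a second session that the key actually logs in; the lockout risk Chris describes is exactly the case where the flag is flipped without a working key in place.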