Subject: bug#44808: Default to allowing password authentication on leaves users vulnerable
From: Carlo Zancanaro
To: Christopher Lemmer Webber
Cc: 44808@debbugs.gnu.org
Date: Mon, 23 Nov 2020 14:57:27 +1100
Message-ID: <874klgybbs.fsf@zancanaro.id.au>
In-reply-to: <878sat3rnn.fsf@dustycloud.org>
List-Id: Bug reports for GNU Guix

Hey Chris!

On Mon, Nov 23 2020, Christopher Lemmer Webber wrote:
> ...
> Plus, few distributions do what we're doing anymore,
> precisely because of wanting to be secure by default.

Is this true? Debian defaults to passwords being allowed. I think it even allows root login by default. At least, I have always had to add "PermitRootLogin no" and "PasswordAuthentication no" whenever I install openssh-server on Debian.

I'm on board with what you're proposing, and I think Guix should default to the more secure option, but I'm not sure that an "average user" (whatever that means for Guix's demographic) would expect that password authentication is disabled by default.

Carlo
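The two directives Carlo mentions are exactly the ones an operator should audit before exposing sshd, and the subtle part is what sshd does when they are absent or listed twice: the first occurrence of a directive wins, and a missing directive falls back to OpenSSH's compiled-in default (PasswordAuthentication yes; PermitRootLogin prohibit-password since OpenSSH 7.0, plain yes before that). The script below is an added example written for this page, not code from the bug report, from Guix, or from OpenSSH. It reads a plain sshd_config (the file format Debian's openssh-server package installs; Guix generates the same format from the `openssh-configuration` record), reports the effective value of each directive, and flags whether the file turns both off. The two sample configs are constructed inline; the first mimics a stock Debian file, where both directives appear only as commented-out defaults. Match blocks and included files are deliberately not handled, so for the authoritative answer on a live host run `sshd -T` as root.

```shell
#!/bin/sh
# Added example (not from the original thread): audit an sshd_config for
# PasswordAuthentication and PermitRootLogin.
#
# sshd semantics reproduced here:
#   * comments and blank lines are ignored;
#   * the FIRST occurrence of a directive wins, later duplicates do not;
#   * anything after the first "Match" line is conditional and out of scope;
#   * an absent directive takes OpenSSH's documented default
#     (sshd_config(5), OpenSSH 7.0 and later):
#         PasswordAuthentication  yes
#         PermitRootLogin         prohibit-password
#     Note: OpenSSH older than 7.0 defaulted PermitRootLogin to "yes".

# Print the effective (lower-cased) value of directive $2 in file $1.
effective_sshd_setting() {
    file=$1
    key=$2
    val=$(awk -v k="$key" '
        /^[[:space:]]*#/          { next }   # comment
        /^[[:space:]]*$/          { next }   # blank line
        tolower($1) == "match"    { exit }   # stop at conditional blocks
        tolower($1) == tolower(k) { print tolower($2); exit }  # first wins
    ' "$file")
    if [ -z "$val" ]; then
        case $(printf '%s' "$key" | tr 'A-Z' 'a-z') in
            passwordauthentication) val=yes ;;
            permitrootlogin)        val=prohibit-password ;;
            *)                      val=unknown ;;
        esac
    fi
    printf '%s\n' "$val"
}

# Succeed only if the file disables both password logins and root logins,
# i.e. contains the two lines Carlo says he always adds on Debian.
sshd_config_is_hardened() {
    [ "$(effective_sshd_setting "$1" PasswordAuthentication)" = no ] &&
    [ "$(effective_sshd_setting "$1" PermitRootLogin)" = no ]
}

# Constructed sample 1: the relevant part of a stock Debian sshd_config.
# Both directives are present only as comments, so the defaults apply.
DEFAULT_CFG=$(mktemp)
cat > "$DEFAULT_CFG" <<'EOF'
#PermitRootLogin prohibit-password
#PasswordAuthentication yes
ChallengeResponseAuthentication no
UsePAM yes
EOF

# Constructed sample 2: the hardened file. The trailing duplicate is there
# to show that a later "yes" does not undo the earlier "no".
HARDENED_CFG=$(mktemp)
cat > "$HARDENED_CFG" <<'EOF'
PermitRootLogin no
PasswordAuthentication no
# A later duplicate must NOT override the first occurrence above.
PasswordAuthentication yes
EOF
trap 'rm -f "$DEFAULT_CFG" "$HARDENED_CFG"' EXIT

for f in "$DEFAULT_CFG" "$HARDENED_CFG"; do
    if sshd_config_is_hardened "$f"; then state=hardened; else state=EXPOSED; fi
    printf '%s: PasswordAuthentication=%s PermitRootLogin=%s -> %s\n' \
        "$f" \
        "$(effective_sshd_setting "$f" PasswordAuthentication)" \
        "$(effective_sshd_setting "$f" PermitRootLogin)" \
        "$state"
done
```

Run it as-is to see the stock file reported as EXPOSED (password logins on, root limited to keys) and the hardened file pass; point `effective_sshd_setting` at `/etc/ssh/sshd_config` to check a real host, remembering that `sshd -T` is the final word once Match blocks or Include files are involved.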