bug#44808: Default to allowing password authentication on leaves users vulnerable

Okay, I just realized I left a friend vulnerable by guiding them through a Guix graphical install and telling them it would give them a decent setup. They turned on openssh support. Then I realized their config had password-authentication? on. That's unacceptable. We need to change this default

bug#44808: Default to allowing password authentication on leaves users vulnerable

On 23.11.2020 00:20, Christopher Lemmer Webber wrote: Okay, I just realized I left a friend vulnerable by guiding them through a Guix graphical install and telling them it would give them a decent setup. They turned on openssh support. Then I realized their config had password-authentication? o

bug#44808: Default to allowing password authentication on leaves users vulnerable

On Mon, 23 Nov 2020 03:32:08 +0100 Taylan Kammer wrote: > On 23.11.2020 00:20, Christopher Lemmer Webber wrote: > > Okay, I just realized I left a friend vulnerable by guiding them > > through a Guix graphical install and telling them it would give > > them a decent setup. They turned on openssh

bug#44808: Default to allowing password authentication on leaves users vulnerable

Hey Chris! On Mon, Nov 23 2020, Christopher Lemmer Webber wrote: ... Plus, few distributions do what we're doing anymore, precisely because of wanting to be secure by default. Is this true? Debian defaults to passwords being allowed. I think it even allows root login by default. At least, I h

bug#44808: Default to allowing password authentication on leaves users vulnerable

raingloom writes: > On Mon, 23 Nov 2020 03:32:08 +0100 > Taylan Kammer wrote: > >> On 23.11.2020 00:20, Christopher Lemmer Webber wrote: >> > Okay, I just realized I left a friend vulnerable by guiding them >> > through a Guix graphical install and telling them it would give >> > them a decent se

bug#44808: Default to allowing password authentication on leaves users vulnerable

Carlo Zancanaro writes: > Hey Chris! > > On Mon, Nov 23 2020, Christopher Lemmer Webber wrote: >> ... Plus, few distributions do what we're doing anymore, precisely >> because of wanting to be secure by default. > > Is this true? Debian defaults to passwords being allowed. I think it > even allows

bug#44808: Default to allowing password authentication on leaves users vulnerable

Hello, Christopher Lemmer Webber writes: > Carlo Zancanaro writes: > >> Hey Chris! >> >> On Mon, Nov 23 2020, Christopher Lemmer Webber wrote: >>> ... Plus, few distributions do what we're doing anymore, precisely >>> because of wanting to be secure by default. >> >> Is this true? Debian default

bug#44808: Default to allowing password authentication on leaves users vulnerable

Hi! Maxim Cournoyer skribis: >>> I'm on board with what you're proposing, and I think Guix should >>> default to the more secure option, but I'm not sure that an >>> "average user" (whatever that means for Guix's demographic) would >>> expect that password authentication is disabled by default.

bug#44808: Default to allowing password authentication on leaves users vulnerable

Ludovic Courtès writes: > Hi! > > Maxim Cournoyer skribis: > I'm on board with what you're proposing, and I think Guix should default to the more secure option, but I'm not sure that an "average user" (whatever that means for Guix's demographic) would expect that password aut

bug#44808: Default to allowing password authentication on leaves users vulnerable

Hi Chris, Christopher Lemmer Webber skribis: > Ludovic Courtès writes: [...] >> Agreed. There are several ways to do that: >> >> 1. Have the installer emit an ‘openssh-configuration’ that explicitly >> disables password authentication. >> >> 2. Change the default value of the relevan

bug#44808: Default to allowing password authentication on leaves users vulnerable

Ludovic Courtès writes: >>> #2 is more thorough but also more risky: people could find themselves >>> locked out of their server after reconfiguration, though this could be >>> mitigated by a news entry. >>> >>> Thoughts? My thoughts are that there is no mitigation for being locked out of a pre

bug#44808: Default to allowing password authentication on leaves users vulnerable

Dr. Arne Babenhauserheide writes: > Ludovic Courtès writes: > #2 is more thorough but also more risky: people could find themselves locked out of their server after reconfiguration, though this could be mitigated by a news entry. Thoughts? > > My thoughts are that there i

bug#44808: Default to allowing password authentication on leaves users vulnerable

On Sat, Dec 05, 2020 at 01:22:23PM -0500, Christopher Lemmer Webber wrote: > > 2. Change the default value of the relevant field in > > . > > > > #2 is more thorough but also more risky: people could find themselves > > locked out of their server after reconfiguration, though this could be >

bug#44808: Default to allowing password authentication on leaves users vulnerable

Christopher Lemmer Webber writes: > Dr. Arne Babenhauserheide writes: > >> Ludovic Courtès writes: >> > #2 is more thorough but also more risky: people could find themselves > locked out of their server after reconfiguration, though this could be > mitigated by a news entry. > >

bug#44808: Default to allowing password authentication on leaves users vulnerable

Leo Famulari writes: > On Sat, Dec 05, 2020 at 01:22:23PM -0500, Christopher Lemmer Webber wrote: >> > 2. Change the default value of the relevant field in >> > . >> > >> > #2 is more thorough but also more risky: people could find themselves >> > locked out of their server after reconfigur

bug#44808: Default to allowing password authentication on leaves users vulnerable

Hi, "Dr. Arne Babenhauserheide" writes: > To nudge them to secure their system, guix system reconfigure could emit > a warning that this is a potential security risk that requires setting > an explicit value (password yes or no) to silence. I think this is a good idea. Likewise, in the Guix ins

bug#44808: Default to allowing password authentication on leaves users vulnerable

Hi, Mark H Weaver skribis: > "Dr. Arne Babenhauserheide" writes: >> To nudge them to secure their system, guix system reconfigure could emit >> a warning that this is a potential security risk that requires setting >> an explicit value (password yes or no) to silence. > > I think this is a good

bug#44808: Default to allowing password authentication on leaves users vulnerable

Mark H Weaver writes: > Hi, > > "Dr. Arne Babenhauserheide" writes: >> To nudge them to secure their system, guix system reconfigure could emit >> a warning that this is a potential security risk that requires setting >> an explicit value (password yes or no) to silence. > > I think this is a goo

bug#44808: Default to allowing password authentication on leaves users vulnerable

Hi Ludovic, Ludovic Courtès writes: > Mark H Weaver skribis: > >> "Dr. Arne Babenhauserheide" writes: >>> To nudge them to secure their system, guix system reconfigure could emit >>> a warning that this is a potential security risk that requires setting >>> an explicit value (password yes or n

bug#44808: Default to allowing password authentication on leaves users vulnerable

Hi Mark, Mark H Weaver skribis: > Ludovic Courtès writes: [...] >> What do you think of the approach in >> ? > > One problem, which I just discovered, is that it warns users even if > they don't ha

bug#44808: Default to allowing password authentication on leaves users vulnerable

Hi Ludovic, Ludovic Courtès writes: > Mark H Weaver skribis: > >> Ludovic Courtès writes: > > [...] > >>> What do you think of the approach in >>> ? >> >> One problem, which I just discovered, is th

bug#44808: Default to allowing password authentication on leaves users vulnerable

Hi, Mark H Weaver skribis: > gnu/services/ssh.scm:570:31, here: > > > https://git.savannah.gnu.org/cgit/guix.git/tree/gnu/services/ssh.scm?id=ec2eccbf3d1a6378c5ebf1e3d17ec72b4b2a4cd0#n570 > > Here's what I see when I build a system: > > mhw@jojen ~/guix$ ./pre-inst-env guix system build /etc/

bug#44808: Default to allowing password authentication on leaves users vulnerable

Hi guix users, It strikes me that a better course of action here would be, rather than providing a warning that might not be noticed by the user, to remove the default and force people to explicitly put `password-authentication? #t` or `password-authentication? #f`. That way if I have set up a

bug#44808: Default to allowing password authentication on leaves users vulnerable

On Thu, Feb 11, 2021 at 07:46:51AM +, raid5atemyhomework via Bug reports for GNU Guix wrote: > Hi guix users, > > It strikes me that a better course of action here would be, rather than > providing a warning that might not be noticed by the user, to remove the > default and force people to