Alexander Klimov <grandmas...@al2klimov.de> wrote: > --- distrib/miniroot/install.sub.orig Thu May 18 12:37:52 2023 > +++ distrib/miniroot/install.sub Thu May 18 12:44:49 2023 > @@ -2306,15 +2306,15 @@ > [[ $START_SSHD == y ]] || return > > if [[ -z $ADMIN ]]; then > echo "Since no user was setup, root logins via sshd(8) might > be useful." > fi > echo "WARNING: root is targeted by password guessing attacks, pubkeys > are safer." > while :; do > - ask "Allow root ssh login? (yes, no, prohibit-password)" no > + ask "Allow root ssh login? (yes, no, (p)rohibit-password)" no > _resp=$resp > case $_resp in > y|yes) SSHD_ENABLEROOT=yes > ;; > n|no) SSHD_ENABLEROOT=no > ;; > w|p|without-password|prohibit-password) > > Originally I wanted to do the same thing as above here. > I.e. to change the default no -> prohibit-password > which isn't less secure IMAO until you explicitly set auth. keys. > But then I've discovered the "p" shortcut (I'm showing you via diff(1) -U7). > IMAO showing it as I patched wouldn't harm anyone.
This should not be neccessary. Almost all the prompts in the installer allow shortcut answers, as long as it is unambigious. Users can assume this, and learn it quickly. Therefore we do NOT chang all the "yes" to "(y)es". I'd be shocked if you haven't discovered this on your own. What would be interesting, is to hear of a bug where the case statements are not handling a short form. You'll see in the code above that we match "y|yes", we do not match "ye". That is also intentional. But if someone forgets to add a "n", that would be bad, and we would want to fix it.
