On 18.05.23 15:56, Theo de Raadt wrote:
Alexander Klimov <grandmas...@al2klimov.de> wrote:--- distrib/miniroot/install.sub.orig Thu May 18 12:37:52 2023 +++ distrib/miniroot/install.sub Thu May 18 12:44:49 2023 @@ -2306,15 +2306,15 @@ [[ $START_SSHD == y ]] || return if [[ -z $ADMIN ]]; then echo "Since no user was setup, root logins via sshd(8) might be useful." fi echo "WARNING: root is targeted by password guessing attacks, pubkeys are safer." while :; do - ask "Allow root ssh login? (yes, no, prohibit-password)" no + ask "Allow root ssh login? (yes, no, (p)rohibit-password)" no _resp=$resp case $_resp in y|yes) SSHD_ENABLEROOT=yes ;; n|no) SSHD_ENABLEROOT=no ;; w|p|without-password|prohibit-password) Originally I wanted to do the same thing as above here. I.e. to change the default no -> prohibit-password which isn't less secure IMAO until you explicitly set auth. keys. But then I've discovered the "p" shortcut (I'm showing you via diff(1) -U7). IMAO showing it as I patched wouldn't harm anyone.This should not be neccessary. Almost all the prompts in the installer allow shortcut answers, as long as it is unambigious. Users can assume this, and learn it quickly. Therefore we do NOT chang all the "yes" to "(y)es". I'd be shocked if you haven't discovered this on your own.
Wait a second! (Yes, one of my biggest talents is to "oversee elephants"TM, but not this time.) E.g. I use the (C)ustom layout which *clearly indicates* its one-(C)har shortcut. Other prompts, like my diff(1)ed one, *do not*. Change my mind. Now, given that I've not overseen yet another elephant right now, if I as a user see some "(C)ustom layout" stuff on the one hand and some "yes"/"autoconf" stuff on the other hand, how should I even think of the latter being shortcuttable? apt(8) and IIRC yum(8) at least write e.g. "[Y/n]" indicating something (the default in this case) by an upper-case. Just let me know in case you change your mind. I.e. if you'd accept a s/yes/(y)es/ etc. patch from me.
What would be interesting, is to hear of a bug where the case statements are not handling a short form. You'll see in the code above that we match "y|yes", we do not match "ye". That is also intentional. But if someone forgets to add a "n", that would be bad, and we would want to fix it.
