Hi Ludovic,

Ludovic Courtès writes:

> Mark H Weaver skribis:
>
>> "Dr. Arne Babenhauserheide" writes:
>>> To nudge them to secure their system, guix system reconfigure could emit
>>> a warning that this is a potential security risk that requires setting
>>> an explicit value (password yes or no) to silence.
>>
>> I think this is a good idea. Likewise, in the Guix installer, I would
>> favor asking the user whether or not to enable password authentication,
>> after warning them that it is a security risk.
>>
>> I agree with Chris that password authentication is a significant
>> security risk, but I also worry that if we simply disable it, it will
>> catch some users by surprise and they may be quite unhappy about it.
>
> What do you think of the approach in
> ?

One problem, which I just discovered, is that it warns users even if they
don't have an 'openssh-service' in their system configuration. (For that
reason, I just reverted this commit on my private branch.)

> The default is unchanged but the warning could be kept say until the
> next release, at which point we'd change the default.
>
> Or are you suggesting keeping the default unchanged?

I don't feel strongly about what the default setting should be, as long as
we ensure that users are somehow made aware of the change before it
happens, and are given the opportunity (and preferably easy instructions
on how) to keep password authentication enabled if they wish.

I also think that the installer should explicitly ask the user what the
setting should be, so that we do not catch new users off guard who
expected to be able to ssh into their newly-installed systems using only
a password.

If the plan is to change the default setting and issue warnings in the
meantime, it should be easy to silence those warnings, especially for
those of us who don't even use openssh-service :)

What do you think?

Regards,
Mark
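The explicit setting the thread talks about, as an added illustration and not a snippet from any of the messages above: an operating-system declaration that states the password-authentication choice outright instead of relying on the default, so a reconfigure-time warning about an unset value would have nothing to complain about. Field names follow the Guix `(gnu services ssh)` module as I understand it (`openssh-configuration`, `password-authentication?`, `permit-root-login`); treat them as assumptions to check against the manual for your Guix version.

```scheme
;; Added example, not code from the mailing-list thread.
;; Assumes the field names of openssh-configuration in (gnu services ssh).
(use-modules (gnu)
             (gnu services ssh))

(operating-system
  ;; ... host-name, bootloader, file-systems, users, etc. go here ...

  (services
   (append
    (list
     (service openssh-service-type
              (openssh-configuration
               ;; Stated explicitly: key-only logins. A user who still
               ;; wants passwords would write #t here instead, and either
               ;; value is an "explicit value" in the sense of the thread.
               (password-authentication? #f)
               ;; Independent hardening, also made explicit rather than
               ;; inherited from whatever the default happens to be.
               (permit-root-login #f)
               ;; Keys that replace the password for the named account.
               (authorized-keys
                `(("alice" ,(local-file "alice.pub")))))))
    %base-services)))
```

After `guix system reconfigure`, the generated `sshd_config` should carry `PasswordAuthentication no` and `PermitRootLogin no`; checking the rendered file is the quickest way to confirm the declaration took effect.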