Okay, I just realized I left a friend vulnerable by guiding them through
a Guix graphical install and telling them it would give them a decent
setup. They turned on openssh support.
Then I realized their config had password-authentication? on.
That's unacceptable. We need to change this default. This is known to
leave users open to attack, and selecting a password secure enough
against brute forcing is fairly difficult, much more difficult than only
allowing entry by keys. Plus, few distributions do what we're doing
anymore, precisely because of wanting to be secure by default.
Yes, I know some people want password authentication on as part of a
bootstrapping process. Fine... those users know to put it on. Let's
not leave our users open to attack by default though.
Happy to produce a patch and change the documentation, but I'd like to
hear that we have consensus to make this change. But we should, because
otherwise else I think we're going to hurt users.