From debbugs-submit-bounces@debbugs.gnu.org Mon Dec 07 07:56:22 2020 Received: (at 44808) by debbugs.gnu.org; 7 Dec 2020 12:56:22 +0000 Received: from localhost ([127.0.0.1]:52842 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kmG3y-00082Q-Bt for submit@debbugs.gnu.org; Mon, 07 Dec 2020 07:56:22 -0500 Received: from mout.web.de ([212.227.15.4]:34327) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kmG3t-000828-Nk for 44808@debbugs.gnu.org; Mon, 07 Dec 2020 07:56:20 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=web.de; s=dbaedf251592; t=1607345767; bh=BxlAxmAPY6PBCvEUZ/Ni5KxNO2bC1FCD+DiPpImkEaY=; h=X-UI-Sender-Class:References:From:To:Cc:Subject:In-reply-to:Date; b=cuj4cXu3rY8LFXCwx/lki2yfKZktYJnKo6kC382/7z7se+EW4aQvWx1GW8qMbu6DC OjmcIaJYdzemNfuh2TqFdX/LckTgoSHHohDS6Hj9EJwmmxcwH7ki4bLpXPRfu5O4Yz y7qyo2DZtQFqkvTrfo4hzUs/guwLBc4X1fG5EOow= X-UI-Sender-Class: c548c8c5-30a9-4db5-a2e7-cb6cb037b8f9 Received: from fluss ([84.149.87.37]) by smtp.web.de (mrweb002 [213.165.67.108]) with ESMTPSA (Nemesis) id 0M8zdd-1ks0HT3TeX-00CUBV; Mon, 07 Dec 2020 13:56:06 +0100 References: <878sat3rnn.fsf@dustycloud.org> <874klgybbs.fsf@zancanaro.id.au> <87im9w2gjt.fsf@dustycloud.org> <87im9nmr5u.fsf@gmail.com> <87eek45lpg.fsf@gnu.org> <87k0twkt9c.fsf@dustycloud.org> <87sg8hzvdx.fsf@gnu.org> User-agent: mu4e 1.4.13; emacs 27.1 From: "Dr. Arne Babenhauserheide" To: Ludovic =?utf-8?Q?Court=C3=A8s?= Subject: Re: bug#44808: Default to allowing password authentication on leaves users vulnerable In-reply-to: <87sg8hzvdx.fsf@gnu.org> Date: Mon, 07 Dec 2020 13:56:04 +0100 Message-ID: <87a6upepwb.fsf@web.de> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" X-Provags-ID: V03:K1:JIxta9xU1k3ipYvHmYRxogn5+dxsQ3nxTNoNvQ/+Ptdf1iiZyH1 g/kn+XMM0GKFEyZQlk11zhEXxwgW06QV83YnTdySO5n2wCaINx+v9JGPJJLXvjd/5/rDyyM yKKDyOnbmj6c6yCOWhICfOE2X2ocPWosyxWKStxFoX3P5WHjnRrykLo7yz1AB7bFw0oESjd BFvaSvmtDvPO15EtTPMIg== X-Spam-Flag: NO X-UI-Out-Filterresults: notjunk:1;V03:K0:EEkqUNcVJ1M=:m/2AQAfqHpSGbkJVWnXeHH +nv9OBW2fsDGznuQS9Ew+RGNvmKVLt1Buqu0Gd6qvqgze5lqpZivKiX0wkg+MORdZcP0hRg+6 JJgAzaXk8Yy49lHjr3uR/JbtvxKF0lgxe1GroXo046K3BryJD9Ls9bKs2m7SUVUhx4e37x/mW oGJg46lveFjMlxP9wwpmnsPZzXWKUtfh7oIMME1n8mpH4S++cTXUxIN2q+t8Agf+NVw3allgm 4IydCgbqHRj9jzXJsraqvYblsU6wCFGq5lAWXjKNbF3trOwITCT7dw0x6jFnte+vUT6+1T26a ap5xlCPArBWhXwI9DtwzI14xrrhdqj9mq8cglxgmtLv5kEuXfQ4bZF7q0x89t9fCEF6WAoMez vCg0L9iSfXnufJY4nZrck62AcsTdAriK60LlhoFpV0UtX6f7Amh6wKKDXhdau4V26OYAbu/Al /c4ft/bSUol+Z5KFmhrbjbJScsyvy0kVhCr57AsHFRD76pymn1D2wASwcYtfABNnTsykH8ZWX Kx0feW11ldLGfMOqFdeR0OxBveO2WsUkj81pWcJkgch2A2jN4r2gur/5bLpjmmav6/Tg03iRZ CmHvIMzKCpotLPhnK2j3+KVc/kVVw/RkDINSw2dzIO88a3idM57N8E0Q5z9fQXrK8cu6pFSvX 5ONonBuAy0yOeAQv1WhZGwyS3jASALp8MCps5YjnplH8t/UCuXjDrBN4MTRjIfI8hn9foD4eo ICasogEaZxt8uNO2lB03rldxU3GG8q15Z+od0bY5ErdOfU5UZw9zxlGQkOkvh1/QmdVDweVCw kvq2uOtdDspjEREq+DBRC8ZV2bDzfw3ob/TXFebOdZkf+JfKG/0Fv5vlotFx+7wBoyCGW+jdT fylAChq3SVfD11P4rslQ== X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 44808 Cc: Christopher Lemmer Webber , bug-guix@gnu.org, Maxim Cournoyer , 44808@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Ludovic Court=C3=A8s writes: >>> #2 is more thorough but also more risky: people could find themselves >>> locked out of their server after reconfiguration, though this could be >>> mitigated by a news entry. >>> >>> Thoughts? My thoughts are that there is no mitigation for being locked out of a pre-existing server. Keep in mind that that server might not actually be accessible in any other way =E2=80=94 it might be with a cheap hoster whose support is practically non-existent, or it might be in a sealed measurement container that can only be accessed via SSH without disassembly. >> We could also do a combination of the above, as a transitional plan: >> do #1 for now, but try to advertise that in the future, the default will >> be changing... please explicitly set password access to #t if you need >> this! Then in the *following* release, change the default. This sounds like trying to retroactively fixing a problem at the wrong place: If the installer creates a configuration which prevents password-authentication, there is no problem for new systems and new users who need password-authentication will explicitly see in the config, that they have to change it, otherwise it won=E2=80=99t work. All t= he while old systems will keep working. I do need to access my system via password+ssh from time to time, because I don=E2=80=99t want to have a key that can access my system on a presentation-laptop that (due to being moved regularly) is much less secure than the fixed system. If someone gets access to the laptop and compromises my keys, they can run much more efficient attacks against its ssh-keys' password than the attacks people can use to attack ssh via internet. Changing a default (an invisible setting) in a way that prevents access is a serious disruption. In short: please don=E2=80=99t break running systems on update. Best wishes, Arne =2D-=20 Unpolitisch sein hei=C3=9Ft politisch sein ohne es zu merken --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQJEBAEBCAAuFiEE801qEjXQSQPNItXAE++NRSQDw+sFAl/OJmUQHGFybmVfYmFi QHdlYi5kZQAKCRAT741FJAPD61kDEADEZc98uVkPR+pFPUf9RotGAMeF6awBwa/z q3cGIVrelsiJulny84BWiR2PEd3j7Xbx7pSNsc1PNfye+M+gDSh1OdUsnh1xNGmH CMYUKabyEeUUq//N0IDqXtZ0221BsxSiBA5bDBQlZxTR4MzkgWaCAmFFNoSqo+la TcRsbzntfF1L9xSj/rGF1Q7xQ5uIYMnl2nteBidwAATkRhIUjKwmC9E2zC84mtA0 1z2n1SaQLmfBWzqfwu5ZZMZ7mwZcT30qz2MT4SRcY0jpZ978U0VkPxQbczFIxTel EX9tYK6w7B/DHt256isVdid4oaip8Ei2umfY/HfAwmKk4Hq6FJAYYpiQnMNOb48W UWV8VWfOc+IrAuOYoXJHhFMSSNTyNhT853K7FVAw5QFlFQO71PCYesluKuhS7DN2 xLqIoMmEAiOHn5hbBkd3ZZUkJ2nzWq9JhhRuaSDJTR7HHNjfTtHV0q8yV3KBqJHd XqiehMDeJnsuW101dqvGEZBv9bYo0HEN3Lmuj+izNg2el8A3K/8vUOx7KYPtbhqd 0Tqek/VndIAPsJ5zlKSAUn+o8myhgDuM5eaFFvQAH+WNMnqiIh+kdc+dfDpcoEyz JK+ExDuk0oLP1wJN3ZCFhXStYQJfgGqughGhSpF0Xg6fECPHEcNVFj3lj7ome7nU dF0OcWd1KIjEBAEBCAAuFiEE3Si95tmHXKvOSosd3M8NswvBBUgFAl/OJmUQHGFy bmVfYmFiQHdlYi5kZQAKCRDczw2zC8EFSAWmBACdm9rbbnnRsGmmixzxC0v0uSQe apSAtCACFlLWreldBYHXj1VaHOuDFikEt+a4nL5B0l4XA398NMIy9TIPA2RdAotJ dfKAYiKDCZ91aXpF+P2z6WCmzpLPQkRb9QlOWeN7y/pILtrEA6wYGL1mxNsXfmWK QmQLZpWxRbx0CZ4Yeg== =XUep -----END PGP SIGNATURE----- --=-=-=--