From: Christopher Lemmer Webber
To: Carlo Zancanaro
Cc: 44808@debbugs.gnu.org
Subject: Re: bug#44808: Default to allowing password authentication on leaves users vulnerable
Date: Mon, 23 Nov 2020 11:17:58 -0500
Message-ID: <87im9w2gjt.fsf@dustycloud.org>
In-reply-to: <874klgybbs.fsf@zancanaro.id.au>
References: <878sat3rnn.fsf@dustycloud.org> <874klgybbs.fsf@zancanaro.id.au>

Carlo Zancanaro writes:

> Hey Chris!
>
> On Mon, Nov 23 2020, Christopher Lemmer Webber wrote:
>> ... Plus, few distributions do what we're doing anymore, precisely
>> because of wanting to be secure by default.
>
> Is this true? Debian defaults to passwords being allowed. I think it
> even allows root login by default. At least, I have always had to add
> "PermitRootLogin no" and "PasswordAuthentication no" whenever I
> install openssh-server on Debian. Perhaps I'm wrong...
I had thought that the last time I installed a Debian server, password-based access was off by default. But I could be wrong.

> I'm on board with what you're proposing, and I think Guix should
> default to the more secure option, but I'm not sure that an
> "average user" (whatever that means for Guix's demographic) would
> expect that password authentication is disabled by default.

That's fair... I think that "[ ] Password authentication? (insecure)" would be sufficient as an option. How do others feel?
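As an added example, not code from this bug thread or from Guix, a small Python audit of the two sshd_config keywords Carlo mentions (PermitRootLogin and PasswordAuthentication), applying sshd's first-value-wins rule and upstream OpenSSH defaults to constructed sample configs. Stopping at the first Match line and treating '#' anywhere as a comment start are simplifying assumptions.

```python
import re

# Upstream OpenSSH defaults for the two keywords discussed in the thread:
# PasswordAuthentication "yes"; PermitRootLogin "prohibit-password"
# (key-only root login) since OpenSSH 7.0.
DEFAULTS = {"passwordauthentication": "yes", "permitrootlogin": "prohibit-password"}

def effective_settings(config_text):
    """Effective value of each audited keyword, applying sshd_config rules:
    keywords are case-insensitive, '#' starts a comment, and the FIRST value
    obtained for a keyword wins (later duplicates are ignored). Assumption:
    parsing stops at the first 'Match' line (Match directives are conditional)."""
    found = {}
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip().lower()
        if key == "match":
            break
        if key in DEFAULTS and key not in found:
            found[key] = value
    return {k: found.get(k, d) for k, d in DEFAULTS.items()}

def audit(config_text):
    """Findings for the risky values the thread is about."""
    eff = effective_settings(config_text)
    findings = []
    if eff["passwordauthentication"] == "yes":
        findings.append("PasswordAuthentication yes: online password guessing possible")
    if eff["permitrootlogin"] == "yes":
        findings.append("PermitRootLogin yes: root accepts password logins")
    return findings

# Constructed sample: stock-looking sshd_config with both keywords commented
# out, so the upstream defaults apply (password auth on, root key-only).
STOCK_CONFIG = """\
#PermitRootLogin prohibit-password
#PasswordAuthentication yes
"""

# Constructed sample: the two lines Carlo says he adds on Debian, plus a
# later duplicate that sshd ignores because the first value wins.
HARDENED_CONFIG = """\
PermitRootLogin no
PasswordAuthentication no
PasswordAuthentication yes   # ignored: first value wins
"""
```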