New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
dropbear: disable password logins for root. #29599
Conversation
I think this warrants an INSTALL.msg, at least. I'm not sure about policy (following openssh default vs changing a configuration like that), however. @void-linux/pkg-committers thoughts? |
I'm inclined to keep the service as is. The (If any change were to be made, I'd move |
Someone might be relying on this in an embedded service. At best this warrants a line in the void-docs. |
@ericonr I will write an INSTALL.msg ;) |
@mobinmob the issue here is that we'd be changing the service behavior on an update, and it's possible someone might miss it and get locked out after a reboot. Documenting that the default service allows root login might be the safest way forward (though I'd suggest keeping it disabled in your own services). Does dropbear work fine if you specify |
I am aware of that danger. I believe that having the same defaults as the de-facto standard implementation has merits.
I just checked. It produces an error in the log ( Edit: Αctually the log output is the same with either one or two -F switches. Nothing changes ;) |
INSTALL.msg noting a change isn't enough. This can really break someone's workflow, or break devices out there without other easy access. |
I get that :p |
back when i did this for openssh (5ce7496, #17596, void-linux/void-mklive#100), only one person complained in IRC but of course admitted that the move was fine to do and their (password login based ) setup was not the best |
I am in favor of merging this. objections @Vaelatern ? |
Strongly opposed to merging as-is. It's a good flag. We should have had it enabled from the beginning. But we didn't. I think it's not possible to safely migrate users in this context. |
Seconded, this is an incredibly bad idea, we can't change flags that would permanently lock out a user like this. We can add it as an INSTALL.MSG if you want, but changing the config on this package now isn't an option. |
hinting about the intended change in INSTALL.msg for a predefined period (6m? 1y?) appears reasonable to me, Void used such similar periods for similar changes before |
Dropbear users may be in embedded scenarios where any predefined period may miss someone. 5 years would feel like the minimum. |
General
Have the results of the proposed changes been tested?
This PR disables password logins for root by using the
-g
switch in the runit service. The change follows the default policy for openssh.