Ludovic Courtès writes: > Hi! > > Maxim Cournoyer <maxim.courno...@gmail.com> skribis: > >>>> I'm on board with what you're proposing, and I think Guix should >>>> default to the more secure option, but I'm not sure that an >>>> "average user" (whatever that means for Guix's demographic) would >>>> expect that password authentication is disabled by default. >>> >>> That's fair... I think that >>> "[ ] Password authentication? (insecure)" >>> would be sufficient as an option. How do others feel? >> >> I'm +1 on disabling password access out of the box; especially since >> Guix System makes it easy to authorize SSH keys at installation time. >> We'd have to see if it breaks any of our system tests, but I doubt so. > > Agreed. There are several ways to do that: > > 1. Have the installer emit an ‘openssh-configuration’ that explicitly > disables password authentication. > > 2. Change the default value of the relevant field in > <openssh-configuration>. > > #2 is more thorough but also more risky: people could find themselves > locked out of their server after reconfiguration, though this could be > mitigated by a news entry. > > Thoughts? > > Ludo’.
We could also do a combination of the above, as a transitional plan: do #1 for now, but try to advertise that in the future, the default will be changing... please explicitly set password access to #t if you need this! Then in the *following* release, change the default. This seems like a reasonable transition plan, kind of akin to a deprecation process?
