I've now updated the page that Pedro kindly started at https://wiki.ubuntu.com/Recovery/Remote - this includes all the ideas I've got so far. This is my first Ubuntu development thing, so yes, any help very much appreciated!
You're quite right that the people you have to worry about aren't the ones that know nothing, but the ones that know just enough to be dangerous. In fact, given the desire for robustness (and the Robustness Principle in general), I think it would be best to design this facility based on the assumption that the user has damaged their system as much as possible without actually disabling the remote-recovery script. That should encourage a sufficiently defensive design.

Help with managing a system is an interesting use case, but I'm not sure if we want to be targeting it with this particular solution. I agree that sane defaults with powerful configuration are a good approach for users that know what the configuration options mean, but newbies with a broken system should be asked as few questions as possible (especially when they're paying for a long-distance phone call). Also, I think you're talking about an ongoing remote help relationship, rather than an emergency one-shot thing. How about we break this off into a separate feature request:

The "Add User" dialogue in "Users settings" (System->Administration->Users and Groups) should have the following extra options:

* Disallow password logins
* Generate an SSH key, using either no passphrase, a randomly generated passphrase, the login password, or a specific passphrase. When the user account is added, the SSH public keys are given in a popup box
* Add specified SSH public keys to .ssh/authorized_keys

Then we can add a page to the help wiki, describing how to create a user for port-forwarding, how to create an SSH-only user, and how to make that user an administrator. That would give intermediate users all the tools they need to set up a permanent remote help relationship that they can tune to their particular needs.

Given the above, I've left the iptables things more-or-less intact on the Remote Recovery page, since it's a good piece of robustness against newbies.
Finally, two more ideas have occurred to me:

1) Rather than create a "remote-recovery" user on the recovery machine, why not just let the expert log in as root? Given all the other security measures, it wouldn't be any less secure, and would avoid the need to have a password kicking about.

2) Experts that have just finished a remote recovery session are probably the best people there are for providing high quality bug reports. Ubuntu already asks for unstructured feedback when installing a system, so it seems natural to give the same option to these people. Presumably we need to ask someone at Canonical about whether they'd be interested in this feedback? If so, who?

- Andrew

--
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
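The "SSH-only user" that the proposed Add User options describe (password logins disallowed, a generated key with one of the four passphrase choices, and a public key placed in .ssh/authorized_keys), written out as an added shell example that is not from the post above or from Ubuntu's own tools. It assumes an Ubuntu-like host with useradd, passwd and ssh-keygen; every user name, path and key in it is constructed for illustration.

```shell
#!/bin/sh
# Added example: the "SSH-only user" the proposed Add User options describe.
# Assumes an Ubuntu-like host with useradd, passwd and ssh-keygen (assumptions);
# every user name, path and key below is constructed for illustration.
set -eu

# Passphrase for the generated key, per the proposed choices: none, random,
# login (reuse the login password) or specific (an admin-supplied phrase).
passphrase_for() {   # passphrase_for MODE [VALUE]
  case "$1" in
    none) printf '' ;;
    random) head -c 18 /dev/urandom | od -An -tx1 | tr -d ' \n' ;;
    login|specific) printf '%s' "${2:?a value is required for mode $1}" ;;
    *) echo "unknown passphrase mode: $1" >&2; return 1 ;;
  esac
}

# Generate an ed25519 key pair at PATH; the public key is printed so it can be
# shown to the admin (the "popup box" in the request) or handed to the helper.
generate_keypair() { # generate_keypair PATH PASSPHRASE COMMENT
  ssh-keygen -q -t ed25519 -N "$2" -C "$3" -f "$1"
  cat "$1.pub"
}

# Append a public key to HOME/.ssh/authorized_keys with the permissions sshd
# insists on (700 dir, 600 file); re-running with the same key adds nothing.
install_pubkey() {   # install_pubkey HOME_DIR "ssh-ed25519 AAAA... comment"
  dir="$1/.ssh" keyfile="$1/.ssh/authorized_keys"
  mkdir -p "$dir" && chmod 700 "$dir"
  touch "$keyfile" && chmod 600 "$keyfile"
  grep -qxF -- "$2" "$keyfile" || printf '%s\n' "$2" >> "$keyfile"
}

# Create the account (needs root): the password is locked so only the installed
# public key can authenticate, which is the "Disallow password logins" option.
create_ssh_only_user() { # create_ssh_only_user NAME "ssh-ed25519 AAAA... comment"
  useradd --create-home --shell /bin/bash "$1"
  passwd -l "$1"
  install_pubkey "/home/$1" "$2"
  chown -R "$1:$1" "/home/$1/.ssh"
}

# Usage (as root), all values constructed:
#   pass=$(passphrase_for random)
#   pub=$(generate_keypair /root/helper_key "$pass" helper@example.invalid)
#   create_ssh_only_user remote-helper "$pub"
```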