From aecd2a13cbd8301d0fdeafcacbf69e12cc3f6138 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Mon, 7 Dec 2020 12:34:26 +0100 Subject: services: openssh: Warn about 'password-authentication?' default. Fixes . Reported by Christopher Lemmer Webber . * gnu/services/ssh.scm (true-but-soon-false): New procedure. ()[password-authentication?]: Change default to 'true-but-soon-false'. * gnu/installer/services.scm (%system-services): Explicitly set 'password-authentication?' to #f. --- gnu/installer/services.scm | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'gnu/installer') diff --git a/gnu/installer/services.scm b/gnu/installer/services.scm index ec5ea30594..14a3bb9be6 100644 --- a/gnu/installer/services.scm +++ b/gnu/installer/services.scm @@ -1,6 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2018 Mathieu Othacehe -;;; Copyright © 2019 Ludovic Courtès +;;; Copyright © 2019, 2020 Ludovic Courtès ;;; Copyright © 2020 Jan (janneke) Nieuwenhuizen ;;; ;;; This file is part of GNU Guix. @@ -93,7 +93,11 @@ (system-service (name (G_ "OpenSSH secure shell daemon (sshd)")) (type 'networking) - (snippet '((service openssh-service-type)))) + (snippet '((service openssh-service-type + (openssh-configuration + ;; Currently the default is #t but it's considered + ;; unsafe. Explicitly pass #f. + (password-authentication? #f)))))) (system-service (name (G_ "Tor anonymous network router")) (type 'networking) -- cgit v1.2.3