[elbe-devel] [PATCH v3 6/7] init: Drop initvm-ssh-root-open-danger
Sebastian Andrzej Siewior
bigeasy at linutronix.de
Wed Apr 19 15:01:12 CEST 2023
On 2023-03-03 14:37:13 [+0100], Bastian Germann wrote:
> diff --git a/examples/elbe-init-big-machine.xml b/examples/elbe-init-big-machine.xml
> index 392588c39f..02076a9444 100644
> --- a/examples/elbe-init-big-machine.xml
> +++ b/examples/elbe-init-big-machine.xml
> @@ -48,6 +48,10 @@ SPDX-FileCopyrightText: Linutronix GmbH
> </pkg-list>
> <preseed>
> <conf owner="pbuilder" key="pbuilder/mirrorsite" type="string" value="http://ftp.de.debian.org/debian"/>
> +
> + <!-- THIS CONF IS POTENTIALLY DANGEROUS! It enables logging in on the initvm's ssh as root with password.
> + See https://bugs.debian.org/837733 for this counter-intuitive setting -->
> + <conf owner="openssh-server" key="openssh-server/permit-root-login" type="boolean" value="false"/>
Wouldn't it make sense to hide this setting within a comment block to
have it off by default since the file where this came from had "danger"
in its name and now it is enabled by default?
Given that a local installation with enabled root-by-password login is
likely to be harmless just double checking here and what the
expectations are in general.
> </preseed>
> <size>80G</size>
> <mem>2GiB</mem>
Sebastian
More information about the elbe-devel
mailing list