The officially official Devuan Forum!

You are not logged in.

#1 2017-07-24 20:01:31

Giovanni Rapagnani
d1g
Registered: 2017-03-06
Posts: 0

copy-root-overlay: /etc/ssh/sshd_config

Hi Parazyd, thanks for accepting my merge requests so far.

I had been working on allowing to ssh to the OS after the first boot and then noticed you already had implemented the missing things (ssh host keys creation, allow root to ssh) through the copy-root-overlay function.

However I am worried about the fact that  the /etc/ssh/sshd_config provided by the openssh-server package is replaced with a modified copy of this file, for several reasons:
- what will happen when sshd_config provided by the package maintainer get improved, will somebody remember to modify the one in arm-sdk accordingly?
- on one hand security is lowered (allow root login), on the other hand security is increased (remove weak host keys, disable X11 forward, ...), it does not feel coherent.

Wouldn't it be best  to just leave the sshd_config as it is shipped by the openssh-server package maintainer? And instead create a normal user which can ssh to the system, then <code>su</code> to root?

That is the solution I implemented. If you are willing to implement this instead of an overlay of sshd_config, tell me. I will then upload the code and you can verify if I implemented it correctly.

________________________________________

Project: sdk/arm-sdk
Issue: #21
By: Giovanni Rapagnani

Offline

Board footer