Hi,

On Fri, Apr 22, 2016 at 1:28 PM, Daniel P. Berrange <berrange@xxxxxxxxxx> wrote:
> On Fri, Apr 22, 2016 at 01:17:24PM +0100, Zeeshan Ali (Khattak) wrote:
>> Hi Daniel,
>>
>> On Fri, Apr 22, 2016 at 1:00 PM, Daniel P. Berrange <berrange@xxxxxxxxxx> wrote:
>> > On Fri, Apr 22, 2016 at 12:58:40PM +0100, Zeeshan Ali (Khattak) wrote:
>> >> If either user or admin accounts are passwordless, configure SSH server
>> >> to allow empty passwords so these accounts can login through SSH.
>> >> ---
>> >>  .../fedoraproject.org/fedora-kickstart-desktop.xml.in | 6 ++++++
>> >>  1 file changed, 6 insertions(+)
>> >
>> > Do we really want to do this? IMHO apps should be enforcing a
>> > non-zero length password for the accounts created by install
>> > scripts. Configuring password-less ssh is madness given the
>> > modern hostile network environments, even on intranets.
>>
>> Well, without this patch, there is no way of SSHing into the guest if
>> the user/app chooses to have no password. Currently that is the default in
>> Boxes, but maybe Boxes should warn about it being unsecure, but I think
>> if the user wants a passwordless machine, that is precisely what they should
>> get.
>
> IMHO it is irresponsible to configure VMs to allow network based
> access with zero authentication. The only valid case where I can
> see having no password is if you have instead injected an SSH
> public key to allow key based login access. So rather than this
> patch to modify the SSH server to turn off all auth, how about
> adding a config parameter to associate an SSH public key with
> the user account.

Yeah, I guess that makes sense even though it's a lot more work. :)

-- 
Regards,

Zeeshan Ali (Khattak)

_______________________________________________
Libosinfo mailing list
Libosinfo@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libosinfo
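
An added example, not part of the thread or of libosinfo: a small audit that classifies passwordless guest accounts by how they can be reached over SSH, contrasting the empty-password setting discussed above with the injected-key alternative. All function names and the sample sshd_config, shadow and key data are constructed for illustration, and the check looks only at PermitEmptyPasswords, ignoring PAM and PasswordAuthentication.

```python
# Added example: names and sample data below are constructed for illustration.
SSHD_WEAK = """\
# constructed sshd_config fragment
permitemptypasswords yes
PermitEmptyPasswords no
"""
SSHD_DEFAULT = "PasswordAuthentication yes\n"  # keyword absent: default is "no"
SHADOW = """\
root:$6$constructedsalt$constructedhash:16913:0:99999:7:::
guest::16913:0:99999:7:::
admin::16913:0:99999:7:::
daemon:*:16913:0:99999:7:::
"""
KEYS = {"admin": ["ssh-ed25519 CONSTRUCTED-PLACEHOLDER admin@example"]}

def permits_empty_passwords(sshd_config):
    """True if the global setting is 'yes' (sshd keeps the first value it
    reads for a keyword) or if any Match block enables it (conservative)."""
    in_match = seen_global = False
    for raw in sshd_config.splitlines():
        parts = raw.split("#", 1)[0].replace("=", " ", 1).split()
        if not parts:
            continue
        key = parts[0].lower()  # sshd_config keywords are case-insensitive
        if key == "match":
            in_match = True
        elif key == "permitemptypasswords" and len(parts) > 1:
            if parts[1].lower() == "yes" and (in_match or not seen_global):
                return True
            seen_global = seen_global or not in_match
    return False

def empty_password_users(shadow):
    """Accounts whose shadow password field is empty ('*' or '!' means locked)."""
    rows = (line.split(":") for line in shadow.splitlines())
    return [f[0] for f in rows if len(f) >= 2 and f[0] and f[1] == ""]

def audit(sshd_config, shadow, keys):
    """Map each passwordless account to how SSH treats it."""
    permit = permits_empty_passwords(sshd_config)
    verdicts = {}
    for user in empty_password_users(shadow):
        if permit:
            verdicts[user] = "unauthenticated-ssh"  # the case objected to above
        else:
            verdicts[user] = "key-only" if keys.get(user) else "no-ssh-access"
    return verdicts

if __name__ == "__main__":
    for name, cfg in (("weak", SSHD_WEAK), ("default", SSHD_DEFAULT)):
        print(name, audit(cfg, SHADOW, KEYS))
```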