From: Carlos Santos <casantos@datacom.com.br>
To: buildroot@busybox.net
Subject: [Buildroot] [RFC] openssh: add option to allow login as root
Date: Wed, 20 Mar 2019 13:25:49 -0300 (BRT) [thread overview]
Message-ID: <1085153408.3357867.1553099149887.JavaMail.zimbra@datacom.com.br> (raw)
In-Reply-To: <f11c03b3-7edd-5c55-7287-61684f2c9a64@mind.be>
> From: "Arnout Vandecappelle" <arnout@mind.be>
> To: "Peter Korsgaard" <peter@korsgaard.com>, "Esben Haabendal" <esben.haabendal@gmail.com>
> Cc: "Esben Haabendal" <esben@haabendal.dk>, "buildroot" <buildroot@buildroot.org>
> Sent: Ter?a-feira, 19 de mar?o de 2019 21:23:42
> Subject: Re: [Buildroot] [RFC] openssh: add option to allow login as root
> On 19/03/2019 23:42, Peter Korsgaard wrote:
>>>>>>> "Esben" == Esben Haabendal <esben.haabendal@gmail.com> writes:
>>
>> > From: Esben Haabendal <esben@haabendal.dk>
>> > What do you think. Is this kind of micro-management of a configuration
>> > file something that I should keep out of tree?
>>
>> We discussed it tonight on IRC and didn't really get to a good compromise.
>>
>> On one hand, we prefer to stick with upstream defaults (especially when
>> security is involved)
>
> This patch doesn't change the defaults.
>
>> , but it is true that dropbear allows root logins
>> by default.
>
> It's not nice that the default for dropbear and ssh is different, but that has
> little to do with deciding if this kind of configurability is relevant or not.
>
>> We prefer to not add configuration options for these kind of
>> detailed policy decisions,
>
> *That* is the crux of the matter. We normally only have configurability of
> compile-time options, and assume that anything else is handled in post-build
> scripts. The (only?) exception to that principle is the system menu.
>
> So *maybe* something global in the system menu could work, and then dropbear
> and openssh and whatnot would do whatever is needed to permit/disallow root
> login for that particular package. But I'm not exactly ecstatic about that
> option.
A global option to allow login as root via SSH regardless which ssh server is
chosen looks like a nice feature to me.
--
Carlos Santos (Casantos) - DATACOM, P&D
prev parent reply other threads:[~2019-03-20 16:25 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-03-19 11:41 [Buildroot] [RFC] openssh: add option to allow login as root Esben Haabendal
2019-03-19 15:23 ` Grant Edwards
2019-03-19 22:42 ` Peter Korsgaard
2019-03-20 0:23 ` Arnout Vandecappelle
2019-03-20 8:58 ` Peter Korsgaard
2019-03-20 9:05 ` James Hilliard
2019-03-20 9:23 ` Arnout Vandecappelle
2019-03-20 9:26 ` Yann E. MORIN
2019-03-20 9:32 ` James Hilliard
2019-03-20 16:25 ` Carlos Santos [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1085153408.3357867.1553099149887.JavaMail.zimbra@datacom.com.br \
--to=casantos@datacom.com.br \
--cc=buildroot@busybox.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.