From: Carlos Santos <casantos@datacom.com.br>
To: buildroot@busybox.net
Subject: [Buildroot] [RFC] openssh: add option to allow login as root
Date: Wed, 20 Mar 2019 13:25:49 -0300 (BRT) [thread overview]
Message-ID: <1085153408.3357867.1553099149887.JavaMail.zimbra@datacom.com.br> (raw)
In-Reply-To: <f11c03b3-7edd-5c55-7287-61684f2c9a64@mind.be>
> From: "Arnout Vandecappelle" <arnout@mind.be>
> To: "Peter Korsgaard" <peter@korsgaard.com>, "Esben Haabendal" <esben.haabendal@gmail.com>
> Cc: "Esben Haabendal" <esben@haabendal.dk>, "buildroot" <buildroot@buildroot.org>
> Sent: Ter?a-feira, 19 de mar?o de 2019 21:23:42
> Subject: Re: [Buildroot] [RFC] openssh: add option to allow login as root
> On 19/03/2019 23:42, Peter Korsgaard wrote:
>>>>>>> "Esben" == Esben Haabendal <esben.haabendal@gmail.com> writes:
>>
>> > From: Esben Haabendal <esben@haabendal.dk>
>> > What do you think. Is this kind of micro-management of a configuration
>> > file something that I should keep out of tree?
>>
>> We discussed it tonight on IRC and didn't really get to a good compromise.
>>
>> On one hand, we prefer to stick with upstream defaults (especially when
>> security is involved)
>
> This patch doesn't change the defaults.
>
>> , but it is true that dropbear allows root logins
>> by default.
>
> It's not nice that the default for dropbear and ssh is different, but that has
> little to do with deciding if this kind of configurability is relevant or not.
>
>> We prefer to not add configuration options for these kind of
>> detailed policy decisions,
>
> *That* is the crux of the matter. We normally only have configurability of
> compile-time options, and assume that anything else is handled in post-build
> scripts. The (only?) exception to that principle is the system menu.
>
> So *maybe* something global in the system menu could work, and then dropbear
> and openssh and whatnot would do whatever is needed to permit/disallow root
> login for that particular package. But I'm not exactly ecstatic about that
> option.
A global option to allow login as root via SSH regardless which ssh server is
chosen looks like a nice feature to me.
--
Carlos Santos (Casantos) - DATACOM, P&D
prev parent reply other threads:[~2019-03-20 16:25 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-03-19 11:41 [Buildroot] [RFC] openssh: add option to allow login as root Esben Haabendal
2019-03-19 15:23 ` Grant Edwards
2019-03-19 22:42 ` Peter Korsgaard
2019-03-20 0:23 ` Arnout Vandecappelle
2019-03-20 8:58 ` Peter Korsgaard
2019-03-20 9:05 ` James Hilliard
2019-03-20 9:23 ` Arnout Vandecappelle
2019-03-20 9:26 ` Yann E. MORIN
2019-03-20 9:32 ` James Hilliard
2019-03-20 16:25 ` Carlos Santos [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1085153408.3357867.1553099149887.JavaMail.zimbra@datacom.com.br \
--to=casantos@datacom.com.br \
--cc=buildroot@busybox.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox