Hi Colin, On Wed, Oct 18, 2017 at 08:17:49AM +0100, Colin Watson wrote: > On Tue, Oct 17, 2017 at 02:50:24PM -0700, Jimmy Kaplowitz wrote: > > Hello from the Debian cloud team sprint at Microsoft! We were just > > discussing the appropriate default value for the PasswordAuthentication > > option in sshd_config in Debian's cloud images. Most of these currently > > set it to 'no' by modifying the config file; we'd like a debconf option > > for this to be added, so that we make the change that way and offer a better > > user experience across package upgrades. > > Thanks for the suggestion. Does this patch look OK? It seems to do the > job in my local testing.
Your reply was impressively fast, and mine was depressingly slow! I apologize for the latter. We reviewed it during the sprint and marveled at your quick response time, but I failed to send a follow-up email. The patch looks great. The description would make more sense to me without the "(for internal use)" caveat, but I'm not going to bikeshed over such a detail. Once this is applied to unstable and migrates to testing, we can update our image build scripts to use this debconf option in lieu of a manual sed command on buster, or alternatively, in general except for the one or two older releases (stretch and maybe jessie) we still care about. I note when reviewing our build scripts that we also add a ClientAliveInterval line (not using sed), as befits a cloud environment where a network-level firewall will drop connections after extended periods of inactivity. Would you like me to file a separate wishlist bug for a debconf option for that value, or do you think it should stay a manual modification? Thanks! - Jimmy Kaplowitz ji...@debian.org