On Mon, Nov 27, 2017 at 09:26:33PM -0500, Jimmy Kaplowitz wrote:
> On Wed, Oct 18, 2017 at 08:17:49AM +0100, Colin Watson wrote:
> > On Tue, Oct 17, 2017 at 02:50:24PM -0700, Jimmy Kaplowitz wrote:
> > > Hello from the Debian cloud team sprint at Microsoft! We were just
> > > discussing the appropriate default value for the PasswordAuthentication
> > > option in sshd_config in Debian's cloud images. Most of these currently
> > > set it to 'no' by modifying the config file; we'd like a debconf option
> > > for this to be added, so that we make the change that way and offer a
> > > better user experience across package upgrades.
> > 
> > Thanks for the suggestion.  Does this patch look OK?  It seems to do the
> > job in my local testing.
> 
> Your reply was impressively fast, and mine was depressingly slow! I
> apologize for the latter. We reviewed it during the sprint and marveled
> at your quick response time, but I failed to send a follow-up email.
> 
> The patch looks great. The description would make more sense to me
> without the "(for internal use)" caveat, but I'm not going to bikeshed
> over such a detail.

That's just the magic string Lintian checks for to decide whether it
should complain about an untranslatable template.  I guess it's a bit
ugly here; I'll work out the necessary overrides instead.

> I note when reviewing our build scripts that we also add a
> ClientAliveInterval line (not using sed), as befits a cloud environment
> where a network-level firewall will drop connections after extended
> periods of inactivity. Would you like me to file a separate wishlist bug
> for a debconf option for that value, or do you think it should stay a
> manual modification?

Hmm.  Of course you can file a bug about anything you like, and I do see
that you only really get the full benefit of this if you can make all
the changes you need to make without sed.  However, while needing to
change PasswordAuthentication is pretty common, I'm starting to get a
bit worried about having to basically reflect all of sshd_config into
debconf.  Is there any particular reason to believe that the changes
you've needed to make so far form a closed set?

I'm hoping that eventually
https://bugzilla.mindrot.org/show_bug.cgi?id=2468 will happen so that
this is less of a problem ...

Thanks,

-- 
Colin Watson                                       [cjwat...@debian.org]
