On Fri, Sep 23, 2016 at 5:47 PM, Steve Langasek < [email protected]> wrote:
> On Fri, Sep 23, 2016 at 03:02:32PM +0200, Oliver Grawert wrote: > > On Fr, 2016-09-23 at 14:59 +0200, Loïc Minier wrote: > > > I agree this isn't great; I wanted to mention an old but still > > > working workaround: mDNS. Snapweb should publish a snapweb.local mDNS > > > record on your LAN, so ssh [email protected] should work. Note that > > > this only works for one device at a time, so you want to change the > > > hostname to have e.g. rpi3-xyz.local. > > > and even better, it could run an open ssh login like d-i does (i.e. on > > the NSLU2 images) where console-conf runs on for the initial setup. > > i was wondering from the start why we dont do this and instead default > > to physical consoles... > > Because the plan is for us to have 8 billion of these devices running > Ubuntu, connected to the Internet, and mostly *not* having anyone claim > ownership. So you don't want an ssh connection open to the world where > anyone with a snap store account can claim to be the owner of your device - > or assume that all of these devices are firewalled. > > In one of our discussions, I suggested allowing such connections only from > the local network. That's trickier to implement than just turning on ssh, > so not done yet. > > (And if it doesn't already, snapweb really ought to have the same ACL IMHO) > +1; I was thinking the same thing recently as snapweb was gaining more features. It's already able to install any snap one likes, so it's quite a permissive interface without auth already. I filed https://bugs.launchpad.net/snapweb/+bug/1627093 for us to remember this Cheers, - Loïc > > -- > Steve Langasek Give me a lever long enough and a Free OS > Debian Developer to set it on, and I can move the world. > Ubuntu Developer http://www.debian.org/ > [email protected] [email protected] > > -- > Devices mailing list > [email protected] > Modify settings or unsubscribe at: https://lists.snapcraft.io/ > mailman/listinfo/devices > > -- - Loïc
-- Devices mailing list [email protected] Modify settings or unsubscribe at: https://lists.snapcraft.io/mailman/listinfo/devices
