On Thu, Feb 09, 2017 at 06:19:54PM +0100, Landry Breuil wrote:
> On Sun, Feb 05, 2017 at 08:37:31PM +0000, Stuart Henderson wrote:
> > On 2017/02/05 09:53, Robert Peichaer wrote:
> > > On Sun, Feb 05, 2017 at 10:46:41AM +0100, Landry Breuil wrote:
> > > > Hi,
> > > >
> > > > when installing 'throwaway' VMs (manually, not always using autoinstall
> > > > for
> > > > $REASONS) i've often found myself having to do right after the install:
> > > > install -d -m 700 /root/.ssh
> > > > install -m 600 /dev/null /root/.ssh/authorized_keys
> > > > (or touch /root/.ssh/authorized_keys && chmod 600
> > > > /root/.ssh/authorized_keys, ymmv)
> > > >
> > > > those are present in /etc/skel for "real" users, so why not creating
> > > > them for the root account ? install.sub also creates /mnt/root/.ssh when
> > > > using autoinstall and giving an ssh pubkey, so that'll be one less step
> > > > to do there.
> > > >
> > > > We advise ppl to set prohibit-password for PermitRootLogin, so why not
> > > > make it
> > > > easier to use it ? This ways, the correct modes are set.. i often
> > > > fat-fingered
> > > > this, to see sshd complaining (rightly!) about bad modes on
> > > > .ssh/authorized_keys.
> > >
> > > Conceptually I'd like this going in.
> >
> > +1. (On "managed" systems I use root-owned authorized_keys in a system
> > directory,
> > but this doesn't get in the way, and it makes things easier on ad-hoc
> > installed
> > systems).
>
> Finally built a release with this, the empty file is created in
> /var/sysmerge/etc.tgz, and sysmerge didnt overwrite my own
> /root/.ssh/authorized_keys - so i think i can now explicitely ask for okays.
> dtucker@ mentioned that in ${INSTALL} -c idiom the -c was a noop, but i kept
> it
> for consistency.
> Hopefully more ppl can chime in and think of potential drawbacks this
> diff exposes...
One of the drawbacks i see is that ppl *might* get a security alert from
changelist if the (empty) file suddenly appears after an upgrade... but
i think we can/should live with that ?
Landry
