[LEDE-DEV] [PATCH v1 1/1] openssh: disable passwords for openssh server

Philip Prindeville philipp_subx at redfish-solutions.com
Sun Feb 11 09:07:59 PST 2018



> On Feb 11, 2018, at 4:23 AM, Alberto Bursi <bobafetthotmail at gmail.com> wrote:
> 
> 
> 
> On 02/11/2018 11:54 AM, Yousong Zhou wrote:
>> On 9 February 2018 at 08:28, Philip Prindeville
>> <philipp at redfish-solutions.com> wrote:
>>> From: Philip Prindeville <philipp at redfish-solutions.com>
>>> 
>>> Allowing password logins leaves you vulnerable to dictionary
>>> attacks.  We disable password-based authentication, limiting
>>> authentication to keys only, which are more secure.
>>> 
>>> Note: You'll need to pre-populate your image with some initial
>>> keys. To do this:
>>> 
>>> 1. Create the appropriate directory as "mkdir -p files/root/.ssh"
>>>    from your top-level directory;
>>> 2. Copy your "~/.ssh/id_rsa.pub" (or as appropriate) into
>>>    "files/root/.ssh/authorized_keys" and indeed, you can collect
>>>    keys from several sources this way by concatenating them;
>>> 3. Set the permissions on "authorized_keys" to 644 or 640.
>>> 
>> If forgetting to do this means I may need a physical connection like a VGA
>> monitor or serial connection to "unlock" the device, very likely I
>> will hate this security enforcement...  It's just the inconvenience
>> regardless of whether the said situation should happen.  As a user I'd
>> like to keep this level of convenience as using password
>> authentication and turn it off when I see it appropriate.
>> 
>>                 yousong
>> 
>> 
> 
> This is the risk I also pointed out myself in the github PR about this.
> 
> Either this patch adds logic to check if there are indeed the right files in /files
> and aborts building if not found or you risk locking yourself out.
> 
> -Alberto


Packages aren’t supposed to care about things outside of themselves.  The only way you could do something like that which you’re suggesting is to have a virtual package which bundles /root/.ssh/authorized_keys as a file, and then make the openssl-server conditionally depend on it.

-Philip
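
The check discussed in the thread (verify that the image carries a usable key file before building with password logins disabled), as an added example that is not part of the patch or of any message above. The function name `check_authorized_keys` is hypothetical; the path and the 644/640 modes come from the commit message, and the script is meant to be run by hand from the top-level build directory rather than from inside a package.

```shell
#!/bin/sh
# Added example, not from the patch: pre-build check for the key file that the
# commit message asks you to place under files/root/.ssh/.
# Returns 0 when usable; 1 missing/empty, 2 private key present,
# 3 no public key line, 4 mode is not 644 or 640.
check_authorized_keys() {
    topdir=${1:-.}
    keys="$topdir/files/root/.ssh/authorized_keys"

    if [ ! -s "$keys" ]; then
        echo "error: $keys is missing or empty" >&2
        return 1
    fi

    # Copying id_rsa instead of id_rsa.pub would ship a private key in the image.
    if grep -q 'PRIVATE KEY' "$keys"; then
        echo "error: $keys contains private key material" >&2
        return 2
    fi

    # Count public key lines: an optional options field (without spaces),
    # a key type, then a base64 blob. Comment and blank lines do not match.
    n=$(grep -Ec '^([^#[:space:]]+[[:space:]]+)?(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521))[[:space:]]+[A-Za-z0-9+/]+=*([[:space:]]|$)' "$keys" || true)
    if [ "$n" -eq 0 ]; then
        echo "error: no public key lines found in $keys" >&2
        return 3
    fi

    # Step 3 of the commit message: permissions must be 644 or 640.
    if [ -z "$(find "$keys" -prune \( -perm 644 -o -perm 640 \))" ]; then
        echo "error: $keys must have mode 644 or 640" >&2
        return 4
    fi

    echo "ok: $n key(s) in $keys"
    return 0
}
```

Call it as `check_authorized_keys . || exit 1` before starting the build. Option fields that contain quoted spaces are not recognised by the pattern and would be reported as code 3.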
