[Buildroot] [RFC] openssh: add option to allow login as root
Carlos Santos
casantos at datacom.com.br
Wed Mar 20 16:25:49 UTC 2019
> From: "Arnout Vandecappelle" <arnout at mind.be>
> To: "Peter Korsgaard" <peter at korsgaard.com>, "Esben Haabendal" <esben.haabendal at gmail.com>
> Cc: "Esben Haabendal" <esben at haabendal.dk>, "buildroot" <buildroot at buildroot.org>
> Sent: Terça-feira, 19 de março de 2019 21:23:42
> Subject: Re: [Buildroot] [RFC] openssh: add option to allow login as root
> On 19/03/2019 23:42, Peter Korsgaard wrote:
>>>>>>> "Esben" == Esben Haabendal <esben.haabendal at gmail.com> writes:
>>
>> > From: Esben Haabendal <esben at haabendal.dk>
>> > What do you think. Is this kind of micro-management of a configuration
>> > file something that I should keep out of tree?
>>
>> We discussed it tonight on IRC and didn't really get to a good compromise.
>>
>> On one hand, we prefer to stick with upstream defaults (especially when
>> security is involved)
>
> This patch doesn't change the defaults.
>
>> , but it is true that dropbear allows root logins
>> by default.
>
> It's not nice that the default for dropbear and ssh is different, but that has
> little to do with deciding if this kind of configurability is relevant or not.
>
>> We prefer to not add configuration options for these kind of
>> detailed policy decisions,
>
> *That* is the crux of the matter. We normally only have configurability of
> compile-time options, and assume that anything else is handled in post-build
> scripts. The (only?) exception to that principle is the system menu.
>
> So *maybe* something global in the system menu could work, and then dropbear
> and openssh and whatnot would do whatever is needed to permit/disallow root
> login for that particular package. But I'm not exactly ecstatic about that
> option.
A global option to allow login as root via SSH regardless which ssh server is
chosen looks like a nice feature to me.
--
Carlos Santos (Casantos) - DATACOM, P&D
More information about the buildroot
mailing list