base repository: NixOS/nixpkgs
base: 26c98e742f22
...
head repository: NixOS/nixpkgs
compare: ed443268ce68
  • 1 commit
  • 3 files changed
  • 1 contributor

Commits on Sep 10, 2020

  1. nixos/installer: enable sshd by default

    Right now the UX for installing NixOS on a headless system is very bad.
    To enable sshd without physical steps users have to have either physical
    access or need to be very knowledgeable to figure out how to modify the
    installation image by hand to put an `sshd.service` symlink in the
    right directory in /nix/store. This is in particular a problem on ARM
    SBCs (single board computer) but also other hardware where network is
    the only meaningful way to access the hardware.
    
    This commit enables sshd by default. This does not give anyone access to
    the NixOS installer since by default there is no user with a non-empty
    password or key. It makes it easy however to add ssh keys to the
    installation image (usb stick, sd-card on arm boards) by simply mounting
    it and adding keys to `/root/.ssh/authorized_keys`.
    Importantly this should not require nix/nixos on the machine that
    prepares the installation device and is even feasible on non-linux systems
    by using ext4 third party drivers.
    
    Potential new threats: Since this enables sshd by default a
    potential bug in openssh could lead to remote code execution. Openssh
    has a very good track-record over the last 20 years, which makes it
    far more likely that Linux itself would have a remote code execution
    vulnerability. It is trusted by millions of servers on many operating
    systems to be exposed to the internet by default.
    
    Co-authored-by: Samuel Dionne-Riel <samuel@dionne-riel.com>
    (cherry picked from commit a5872ed)
    Mic92 committed Sep 10, 2020
    ed44326