Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Install ssh permitroot #22076

Merged
merged 3 commits into from Jan 25, 2017
Merged

Install ssh permitroot #22076

merged 3 commits into from Jan 25, 2017

Conversation

bachp
Copy link
Member

@bachp bachp commented Jan 23, 2017

Motivation for this change

To make it easier to do an installation from a remote machine root login should be permitted on an installation CD.

For a discussion see: #20718

Things done
  • Built on platform(s)
    • NixOS
    • macOS
    • Linux
  • Tested execution of iso (usually in ./result/iso/)
  • Fits CONTRIBUTING.md.

@mention-bot
Copy link

@bachp, thanks for your PR! By analyzing the history of the files in this pull request, we identified @edolstra, @thatdocslady and @nbp to be potential reviewers.

edolstra
edolstra reviewed Jan 24, 2017
View reviewed changes
nixos/modules/profiles/installation-device.nix
services.openssh = {
enable = true;
# Allow password login to the installation, if the user sets a password via "passwd"
# It is save as root doesn't have a password by default and SSH is disabled by default
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

save -> safe.

@edolstra
Copy link
Member

The danger here is that if we ever add a user account with a default password to the the installation media (e.g. demo / demo as in the VirtualBox image), then this leaves the user vulnerable as soon as they start sshd.

@dezgeg
Copy link
Contributor

dezgeg commented Jan 24, 2017

Isn't that already the case? Password logins are already enabled, just not for root.

@edolstra
Copy link
Member

Good point.

@bachp
Copy link
Member Author

bachp commented Jan 24, 2017

@edolstra even if a user is added SSH has still to be manually started

@bachp
install-device: permit root login with password
f6b2ab3 
Allow password login to the installation this allows doing remote installation
via SSH. All that need to be done on the local machine is:
1. Boot from the installation media
2. Set a password with passwd
3. Enable SSH with systemctl start sshd

It is safe as root doesn't have a password by default
and SSH is disabled by default.

Fixes NixOS#20718
@bachp
install-device: correct command to start sshd
be8079e
@bachp
installing: document how to activate SSH during installation
e5df372
@bachp
Copy link
Member Author

bachp commented Jan 24, 2017

@edolstra Typo fixed

@globin globin merged commit a6968ad into NixOS:master Jan 25, 2017
@bachp bachp deleted the install-ssh-permitroot branch January 25, 2017 21:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@edolstra edolstra edolstra left review comments

Assignees
No one assigned
Labels
6.topic: nixos
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@bachp @mention-bot @edolstra @dezgeg @fpletz @globin