Bug#741678: marked as done (It is possible to use live user account to log in via SSH)
Your message dated Wed, 27 Aug 2014 00:04:37 +0000
with message-id <E1XMQj7-0004iV-VE@franck.debian.org>
and subject line Bug#741678: fixed in live-config 2.0.15-1.1+deb6u1
has caused the Debian Bug report #741678,
regarding It is possible to use live user account to log in via SSH
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)
--
741678: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741678
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: live-config
Version: 4.0~alpha31-1
Severity: important
Tags: security
By default, live-config creates a user with known name (user) and password (live). In live images with included openssh-server, this means that anyone can log into a live system immediately once it connects to a network (which it tries to do during boot).
--- End Message ---
--- Begin Message ---
Source: live-config
Source-Version: 2.0.15-1.1+deb6u1
We believe that the bug you reported is fixed in the latest version of
live-config, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 741678@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Luciano Bello <luciano@debian.org> (supplier of updated live-config package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 27 Aug 2014 01:42:16 +0200
Source: live-config
Binary: live-config live-config-runit live-config-sysvinit live-config-upstart
Architecture: source all
Version: 2.0.15-1.1+deb6u1
Distribution: squeeze-lts
Urgency: medium
Maintainer: Debian Live Project <debian-live@lists.debian.org>
Changed-By: Luciano Bello <luciano@debian.org>
Description:
live-config - Debian Live - System Configuration Scripts
live-config-runit - Debian Live - System Configuration Scripts (runit backend)
live-config-sysvinit - Debian Live - System Configuration Scripts (sysvinit backend)
live-config-upstart - Debian Live - System Configuration Scripts (upstart backend)
Closes: 741678
Changes:
live-config (2.0.15-1.1+deb6u1) squeeze-lts; urgency=medium
.
* Non-maintainer upload.
* Disabling ssh password authentication by default (Closes: #741678).
This fix is from: http://live.debian.net/gitweb/?p=live-config.git;
a=commitdiff;h=e776761a3cff82912e4e1edecaa894dfe52ffb61
Checksums-Sha1:
fec21128de0f3193ff45cf3f9aab0322d122dc10 1983 live-config_2.0.15-1.1+deb6u1.dsc
9c615b47edd0146220297167177b56fe6cd66b86 6941 live-config_2.0.15-1.1+deb6u1.diff.gz
780196d33b02bec999de3145d1d6ec78b1d5b26a 40822 live-config_2.0.15-1.1+deb6u1_all.deb
0d4121d9e640f3e55d0092cb110782be5caca4e2 7166 live-config-runit_2.0.15-1.1+deb6u1_all.deb
55389ecc2d5b99e905a835f8b305c53267d7349a 7900 live-config-sysvinit_2.0.15-1.1+deb6u1_all.deb
034862b010175c691b4c1d7ffacda819d18a2c9b 7066 live-config-upstart_2.0.15-1.1+deb6u1_all.deb
Checksums-Sha256:
b62ad4122a50537c72125f4fa2c6cf7638d5b6fea6fc842e26b3b5ea7d7e208c 1983 live-config_2.0.15-1.1+deb6u1.dsc
e1895f7cd372b1e5cdb49ae91e515961e5be8084c08ae8d3fa1f83c9dadf9c91 6941 live-config_2.0.15-1.1+deb6u1.diff.gz
b5f9be2a00b6e586274a8d2009e1d104ebc544aea79f503ae9ac5216b7c2c5cf 40822 live-config_2.0.15-1.1+deb6u1_all.deb
f0251e49ddc3bb5ed8b56e68419daace6f494ae9eb5565a6c0724e9a1b1e094f 7166 live-config-runit_2.0.15-1.1+deb6u1_all.deb
6ed08529e00b02b0e7e0bea244f9397ade5a36707f4de9756ea727ad970bac98 7900 live-config-sysvinit_2.0.15-1.1+deb6u1_all.deb
97947ccb786dd94f42bd1b96eb015d369ad0e15c4d735baf4b502b73d2495222 7066 live-config-upstart_2.0.15-1.1+deb6u1_all.deb
Files:
b7ed211735de2d21f38caf4ede2c4769 1983 misc optional live-config_2.0.15-1.1+deb6u1.dsc
9cf0c41b0ca348c2accdd3e35ea0b76c 6941 misc optional live-config_2.0.15-1.1+deb6u1.diff.gz
887419e899a65e9218e0a5750e21d810 40822 misc optional live-config_2.0.15-1.1+deb6u1_all.deb
6de7580fb5faf45937ae12c6e056d88a 7166 misc optional live-config-runit_2.0.15-1.1+deb6u1_all.deb
2e5ae101b1f909dcce137e5aa5860bf6 7900 misc optional live-config-sysvinit_2.0.15-1.1+deb6u1_all.deb
ab1a0b60788398c8faa241e2f6a9a260 7066 misc optional live-config-upstart_2.0.15-1.1+deb6u1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBCAAGBQJT/RzCAAoJEG7C3vaP/jd0OZUQAI77E3cQ3SS5X9AD3+Mws37f
qaLAKccQ3wxlEndA6slGdA3i3ov+1PyRRzebQXQmx9vmv3Rw+F5YQ9P5CRIjszNL
XbTm6Xg7vddzB9gH8pMj2JMt75QnJKRvvlsPRWlUnkSh2xncR762nzB8i6GVAfam
z3j32IreS7aIZ05W8YJuXyMsGUIXFlah/R6FYKsogcpzQfj8HCThANFXw/AFKYTR
/WQMl1Z3IBQCdCIE6fkZAKzB+JNjcVaNpmeIBbFJASXdbvaTT6ae6VjJ2WPFtco4
CDpYtdPvSNR1+YVYWd3d5CDTLNB8WROXMljvSG7wTu/DgsveWSEy7jMW8IRxY/ev
vv5A7FCFe/Ccj9T7Tjtce/jEMs0qrNy23zwOtFMtLzSXRYL+/pe8+QUKfxAxHraA
aHmiT+75HXUjRjDV2RN6XyUP8lpNzGE9f2AWCEautpNfjxwYkqYE+7jYhwrY769u
pVi50KpILxWDviKQfWrTViIIfH9HA+w4bK3lT6GgWCEJPeBH8R1o9GSo1TKz6j+W
OWNwtA0ngcZgjTNY7vmarIMHGQzWwrfNd1KFuSew4r82y3UEcNdhQIWQTZYOQTtp
DmyVJfIZXJj8RofP4csgFEn+po0FA/mHazub8gukU/ZNgql+luJGdqgymYCcCU6l
g+K5FeVH+ebjNSFzeVVl
=FeOJ
-----END PGP SIGNATURE-----
--- End Message ---
Reply to: