Bug#878945: Request from cloud team: please add a debconf option for PasswordAuthentication
Hi Colin,
On Wed, Oct 18, 2017 at 08:17:49AM +0100, Colin Watson wrote:
> On Tue, Oct 17, 2017 at 02:50:24PM -0700, Jimmy Kaplowitz wrote:
> > Hello from the Debian cloud team sprint at Microsoft! We were just
> > discussing the appropriate default value for the PasswordAuthentication
> > option in sshd_config in Debian's cloud images. Most of these currently
> > set it to 'no' by modifying the config file; we'd like a debconf option
> > for this to be added, so that we make the change that way and offer a better
> > user experience across package upgrades.
>
> Thanks for the suggestion. Does this patch look OK? It seems to do the
> job in my local testing.
Your reply was impressively fast, and mine was depressingly slow! I
apologize for the latter. We reviewed it during the sprint and marveled
at your quick response time, but I failed to send a follow-up email.
The patch looks great. The description would make more sense to me
without the "(for internal use)" caveat, but I'm not going to bikeshed
over such a detail.
Once this is applied to unstable and migrates to testing, we can update
our image build scripts to use this debconf option in lieu of a manual
sed command on buster, or alternatively, in general except for the one
or two older releases (stretch and maybe jessie) we still care about.
I note when reviewing our build scripts that we also add a
ClientAliveInterval line (not using sed), as befits a cloud environment
where a network-level firewall will drop connections after extended
periods of inactivity. Would you like me to file a separate wishlist bug
for a debconf option for that value, or do you think it should stay a
manual modification?
Thanks!
- Jimmy Kaplowitz
jimmy@debian.org
Reply to: