Conversation
The root user is often the only user present on the system, let's trust OpenSSH to authenticate it properly, and open this up by default. This mimics a similar patch in systemd.
|
I know this might be controversial, but frankly, if your root account has such a bad pw that it's trivial to guess, then maybe that's the problem, not the fact it is accessible via sshd... (i have been running things with this since time began, I think it might makes sense to jus tdo this by default, this seems misplaced paranoia to me) |
|
Not sure about this one... maybe it would be better as a credential for mkosi qemu? |
|
So whether we do stuff like this depends a bit on what exactly we want ParticleOS to be. In my view, it's your regular run of the mill distro, but using all of the systemd stuff for immutable systems. When it doesn't come to systemd stuff, I don't really want us to be too perscriptive unless it's opt-in. I think it's fine if you want this enabled, but I doubt every user will want this and I don't think it's something we should override in ParticleOS. There's a reason distros don't enable this by default and I don't want to just override it in ParticleOS with a few lines of commit message and no discussion. Of course particleos is designed to be easily extended and fork. It's absolutely trivial to maintain a deviation such as this in your fork of particleos. |
3 participants
The root user is often the only user present on the system, let's trust OpenSSH to authenticate it properly, and open this up by default.
This mimics a similar patch in systemd.