Ask / Submit
14

Separate UI for setting a password and enabling SSH connections

asked 2015-12-31 18:12:05 +0200

Federico gravatar image

updated 2016-01-01 12:46:40 +0200

In my head, having the ability to accept SSH connections and a having an user password set are two completely separate things:

  • I shouldn't need to have a SSH daemon running to set a user password (for use in devel-su, for instance), and
  • I shouldn't need to have a password set to connect via SSH. Currently, if I enable ssh connections but I don't set a password for nemo, I cannot log in even with a public key.

Unfortunately, the two things only come together in Jolla, which I think is confusing on multiple levels.

It's more than an inconvenience -- having a password set when you don't need it, or a sshd daemon running when you don't need it, is a security problem.

So, I have a feature request: It should be possible to set a password for user nemo without activating sshd, and it should be possible to have a running sshd without a password set.

Apologies if it has been asked already; I can find many related discussions but not this exact thing.

edit retag flag offensive close delete

Comments

4

Agreed. I found it confusing too but learned to live with it.

pichlo ( 2015-12-31 23:13:26 +0200 )edit

I agree with you in so far that both options should be handled separately. Wouldn't it be a good idea to set two different passwords in the UI, one for ssh connection as nemo and the other one for root access with devel-su? Actually, you type in the password to connect as nemo via ssh, and then you use the same password again to become root. This doesn't make any sense to me, because it doesn't mean any additional security in comparison to a direct login as root. Sure, you can use ssh keys instead, but shouldn't it work more secure out-of the-box?

By the way, I can always log in with the keys, even if ssh access is disabled. I just haven't managed yet to figure out, why this is possible.

Laura ( 2016-01-02 02:24:35 +0200 )edit

1 Answer

Sort by » oldest newest most voted
2

answered 2016-01-01 00:01:25 +0200

chemist gravatar image

This is just the way how it is initialized from the GUI, what you do to it later on is your own business. Think of it as a "Getting Started" procedure.

edit flag offensive delete publish link more

Comments

What do you mean? Even if a password is set, disabling and then re-enabling SSH access from the GUI resets it. Are you recommending that I should enable and disable SSH from command-line every time rather than from the GUI, or that I should leave it on at all times (which is another security problem)?

Federico ( 2016-01-01 12:46:00 +0200 )edit

Leaving ssh on is no security problem, if you think so you might want to install kimmoli's ssh access control - resetting the password on enabling it can be counted as a security feature though. And yes I am with you on that, it should not reset but then in terms of security, you were asking for disabling the password for ssh so where is the deal here? Having a password set that is considered to be save is as good as having it disabled, no? The whole issue you are on about is in my head considered minor and we all know that Jolla is way behind on delivering SFOS functionality and usability features incl but not limited to GUI toggles for everything. It is confusing once, there are n+ ways to work with it.

chemist ( 2016-01-01 13:21:36 +0200 )edit
1

I agree, it is a minor issue, but it also has a minor fix: just comment out the line of code that auto-resets the password and hides the password controls when you click on the "enable SSH" button.

Federico ( 2016-01-01 13:41:15 +0200 )edit
1

@Federico look through TJC by age, most of the stuff pretty old (old like Dec '13) can be fixed with a couple of lines changed or add a toggle altering some setting...

chemist ( 2016-01-01 14:11:33 +0200 )edit
Login/Signup to Answer

Question tools

Follow
2 followers

Stats

Asked: 2015-12-31 18:12:05 +0200

Seen: 381 times

Last updated: Jan 01 '16