X-Loop: help-debbugs@HIDDEN
Subject: bug#35460: Self supplied SSH host keys
Resent-From: rendaw <7e9wc56emjakcm@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-guix@HIDDEN
Resent-Date: Sat, 27 Apr 2019 17:46:01 +0000
Resent-Message-ID: <handler.35460.B.15563871548546 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: report 35460
X-GNU-PR-Package: guix
X-GNU-PR-Keywords:
To: 35460 <at> debbugs.gnu.org
X-Debbugs-Original-To: submit <at> debbugs.gnu.org
Received: via spool by submit <at> debbugs.gnu.org id=B.15563871548546
(code B ref -1); Sat, 27 Apr 2019 17:46:01 +0000
Received: (at submit) by debbugs.gnu.org; 27 Apr 2019 17:45:54 +0000
Received: from localhost ([127.0.0.1]:35965 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1hKROc-0002DS-0t
for submit <at> debbugs.gnu.org; Sat, 27 Apr 2019 13:45:54 -0400
Received: from out3-smtp.messagingengine.com ([66.111.4.27]:48127)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <7e9wc56emjakcm@HIDDEN>) id 1hKROZ-000261-Qa
for submit <at> debbugs.gnu.org; Sat, 27 Apr 2019 13:45:52 -0400
Received: from compute6.internal (compute6.nyi.internal [10.202.2.46])
by mailout.nyi.internal (Postfix) with ESMTP id 5383821785
for <submit <at> debbugs.gnu.org>; Sat, 27 Apr 2019 13:45:46 -0400 (EDT)
Received: from mailfrontend1 ([10.202.2.162])
by compute6.internal (MEProxy); Sat, 27 Apr 2019 13:45:46 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rendaw.me; h=to
:from:subject:message-id:date:mime-version:content-type
:content-transfer-encoding; s=fm3; bh=l+6vNfGpuC9OAvpy2iSupEQFJO
z/OGFeO2+4JL47L+c=; b=mtZv+nUdPe8Nf3J7lhgA+XjdlZzZfmedouSxpfnN4v
wiAwqaugS3aW2hdyzo5PVhH3nb7lbPaICpYBXdEyHkBOaimbMyHZBJMV+a7B9HW+
HRwhuIz6RYbTAwA3w1xoncITEhKASGfd7M7LbXwrI87k7CrOxJQi0lCTdi6lyPcu
E2RTVKuPkrpGNGODcv7GAULqMrwDRddGyozHWDLaOP3orD1UNx61nR0eDZdKLKxx
SZTOzi3g9H+yuadxk5mOZGZWrGArliZSmOEEahgjg7S8VCwgylEtqWsn4ppbakhD
pdR0Q9Z4u6k6S9WY3vEof0X+ulrebRp0+fb/FH2TRFvg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
messagingengine.com; h=content-transfer-encoding:content-type
:date:from:message-id:mime-version:subject:to:x-me-proxy
:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=l+6vNf
GpuC9OAvpy2iSupEQFJOz/OGFeO2+4JL47L+c=; b=z9rrNM8YBAguG+LPsn3jJP
hnZVT1ywd+nECPAHpQHdvv9F4d3xFqrU1Rv1INw0rvlviAm95ACK1q1pDuSQws9J
AMxpDvR7iF81647d+HT6qsYeaCfs9By4JS0vEJxiuiGzLfrmDluxebhfUyfuO8bg
F3DsNQJVDiv5UmaU40Bw01qiH73cGbEI9GTowjaXMuk/9AikGS2+VAXyPn6i89Wf
6NN5PJcrtoxcrv1VI14n+ggyHr5T8YfCl7wPHWe6flgdJdX6vdjMWqFXzA8r8xRP
FwQk7NQA0ksAHEGvcw7bk9vEKKXWSTFrhrgYBqBGvGmq5Kuy1JIivsF86ioVvVvQ
==
X-ME-Sender: <xms:SZXEXPfW1WtWBGLtj8USohHAtMfgcON9OYJhlHQSJDaPS7W2P9HSnw>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduuddrheekgdduudekucetufdoteggodetrfdotf
fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen
uceurghilhhouhhtmecufedttdenucenucfjughrpefvhffukffffgggtgfgsehtjeertd
dtfeejnecuhfhrohhmpehrvghnuggrficuoeejvgelfigtheeivghmjhgrkhgtmhesshdr
rhgvnhgurgifrdhmvgeqnecukfhppeduudekrddvgeefrddvfeeirdduieelnecurfgrrh
grmhepmhgrihhlfhhrohhmpeejvgelfigtheeivghmjhgrkhgtmhesshdrrhgvnhgurgif
rdhmvgenucevlhhushhtvghrufhiiigvpedt
X-ME-Proxy: <xmx:SZXEXJoV2K65ipsjCWw3W71Dt5u5jjU6DQHivLPamzAkl93ncMiK0w>
<xmx:SZXEXFTGQ9FV_pr1io4moaG17JaL-vh868YYWgQcQAyeO__OkyLq6g>
<xmx:SZXEXC69PjvXXPILdU7321uNcBQK7_AFzX6mlY2twqrRVSsxDI10VQ>
<xmx:SpXEXMLAfK26EsLKlo-0fPLRXFChY-sv8MgKh6YSD5Lzo93oQpLYOg>
Received: from [192.168.1.35] (y236169.dynamic.ppp.asahi-net.or.jp
[118.243.236.169])
by mail.messagingengine.com (Postfix) with ESMTPA id 3C118E4173
for <submit <at> debbugs.gnu.org>; Sat, 27 Apr 2019 13:45:45 -0400 (EDT)
From: rendaw <7e9wc56emjakcm@HIDDEN>
Message-ID: <e6456771-5f66-a032-a2e2-826295dd0a7a@HIDDEN>
Date: Sun, 28 Apr 2019 02:45:43 +0900
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101
Thunderbird/60.5.3
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-Spam-Score: -0.7 (/)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.7 (-)
Package: guix
Version: 0.16.0
Severity: wishlist
In a disk-image the ssh host keys are generated anew every time the
system boots. This is a significant security issue - the unknown host
warnings will cause notification blindness and users won't recognize if
the host is legitimately compromised.
There's a workaround involving mounting the disk image (losetup -fP &
mount) after building it and adding the files that way, but it requires
a patch to the openssh service activation procedure to re-reset the file
permissions (they're set to 644 or something by an earlier statement).
I can submit my patch if there's interest.
This is a wishlist bug though since it requires a method to add files
with sensitive contents to the system, which I made another ticket for
(35459).
Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.505 (Entity 5.505) Content-Type: text/plain; charset=utf-8 X-Loop: help-debbugs@HIDDEN From: help-debbugs@HIDDEN (GNU bug Tracking System) To: rendaw <7e9wc56emjakcm@HIDDEN> Subject: bug#35460: Acknowledgement (Self supplied SSH host keys) Message-ID: <handler.35460.B.15563871548546.ack <at> debbugs.gnu.org> References: <e6456771-5f66-a032-a2e2-826295dd0a7a@HIDDEN> X-Gnu-PR-Message: ack 35460 X-Gnu-PR-Package: guix Reply-To: 35460 <at> debbugs.gnu.org Date: Sat, 27 Apr 2019 17:46:01 +0000 Thank you for filing a new bug report with debbugs.gnu.org. This is an automatically generated reply to let you know your message has been received. Your message is being forwarded to the package maintainers and other interested parties for their attention; they will reply in due course. Your message has been sent to the package maintainer(s): bug-guix@HIDDEN If you wish to submit further information on this problem, please send it to 35460 <at> debbugs.gnu.org. Please do not send mail to help-debbugs@HIDDEN unless you wish to report a problem with the Bug-tracking system. --=20 35460: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D35460 GNU Bug Tracking System Contact help-debbugs@HIDDEN with problems
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd,
1994-97 Ian Jackson.