To: submit <at> debbugs.gnu.org
From: rendaw <7e9wc56emjakcm@HIDDEN>
Subject: Self supplied SSH host keys
Message-ID: <e6456771-5f66-a032-a2e2-826295dd0a7a@HIDDEN>
Date: Sun, 28 Apr 2019 02:45:43 +0900

Package: guix
Version: 0.16.0
Severity: wishlist

In a disk-image the ssh host keys are generated anew every time the system boots. This is a significant security issue - the unknown host warnings will cause notification blindness and users won't recognize if the host is legitimately compromised.

There's a workaround involving mounting the disk image (losetup -fP & mount) after building it and adding the files that way, but it requires a patch to the openssh service activation procedure to re-reset the file permissions (they're set to 644 or something by an earlier statement). I can submit my patch if there's interest.

This is a wishlist bug though since it requires a method to add files with sensitive contents to the system, which I made another ticket for (35459).
bug#35460; Package guix.
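Added example, not part of the original report or of Guix's code: the report mentions host key files ending up at mode 644 or similar, and sshd rejects a private host key that group or others can access, so a check like the one below can be run against the mounted image root after the keys are copied in. It assumes the keys sit at ROOT/etc/ssh/ssh_host_*_key (OpenSSH's default names); the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit and repair SSH host key modes under a mounted image root.
# Assumption: keys live in ROOT/etc/ssh/ssh_host_*_key (OpenSSH's default names).

# Print every private host key that has any group/other permission bit set.
# POSIX find only offers "all of these bits" (-perm -MODE), so test each bit.
loose_private_keys() {
    [ -d "$1/etc/ssh" ] || return 0
    find "$1/etc/ssh" -type f -name 'ssh_host_*_key' \
        \( -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Restrict private keys to the owner (0600); public halves stay readable (0644).
fix_host_key_modes() {
    for key in "$1"/etc/ssh/ssh_host_*_key; do
        if [ -f "$key" ]; then
            chmod 600 "$key"
            if [ -f "$key.pub" ]; then chmod 644 "$key.pub"; fi
        fi
    done
    return 0
}

# Constructed stand-in for a mounted image: empty files, not real keys.
make_sample_root() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/etc/ssh"
    for t in rsa ed25519; do
        : > "$root/etc/ssh/ssh_host_${t}_key"
        : > "$root/etc/ssh/ssh_host_${t}_key.pub"
        chmod 644 "$root/etc/ssh/ssh_host_${t}_key" "$root/etc/ssh/ssh_host_${t}_key.pub"
    done
    printf '%s\n' "$root"
}

# Demo: report loose keys, repair them, and confirm nothing is left.
demo_root=$(make_sample_root)
echo "before:"; loose_private_keys "$demo_root"
fix_host_key_modes "$demo_root"
echo "after: $(loose_private_keys "$demo_root" | wc -l) loose key(s)"
rm -rf "$demo_root"
```

Pass the mount point of the image's root partition as the argument; a non-empty listing from `loose_private_keys` means the image would boot with keys sshd will not accept.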