Hi Parazyd, thanks for accepting my merge requests so far.
I had been working on allowing to ssh to the OS after the first boot and then noticed you already had implemented the missing things (ssh host keys creation, allow root to ssh) through the copy-root-overlay function.
However I am worried about the fact that the /etc/ssh/sshd_config provided by the openssh-server package is replaced with a modified copy of this file, for several reasons:
- what will happen when sshd_config provided by the package maintainer get improved, will somebody remember to modify the one in arm-sdk accordingly?
- on one hand security is lowered (allow root login), on the other hand security is increased (remove weak host keys, disable X11 forward, ...), it does not feel coherent.
Wouldn't it be best to just leave the sshd_config as it is shipped by the openssh-server package maintainer? And instead create a normal user which can ssh to the system, then
su to root?
That is the solution I implemented. If you are willing to implement this instead of an overlay of sshd_config, tell me. I will then upload the code and you can verify if I implemented it correctly.
Creating a normal user pollutes the system and /etc/passwd. As these ARM boards are targeted at developers, one would appreciate to be able to login as root after the initial boot.
I am following the process of sshd_config being updated, and if there is need of changing it (for certain settings) it will be done promptly.
I still think creating a normal user is a lesser evil than having to watch and manually change the sshd_config file, which can be prone to error and oversight. But ok, let's keep it that way. Thanks
closedToggle commit list