services: hurd-vm: Disable password-based authentication for root.

With offloading to a childhurd is enabled, allowing password-less root login in the childhurd to anyone amounts to providing write access to the host’s store to anyone. Thus, disable password-based root logins in the childhurd. * gnu/services/virtualization.scm (%hurd-vm-operating-system): Change ‘permit-root-login’ to 'prohibit-password. * gnu/tests/virtualization.scm (%childhurd-os): Provide a custom ‘os’ field for ‘hurd-vm-configuration’. * doc/guix.texi (Virtualization Services): Remove mention of password-less root login.
author: Ludovic Courtès <ludo@gnu.org> 2023-09-21 18:01:17 +0200
committer: Ludovic Courtès <ludo@gnu.org> 2023-10-01 22:58:20 +0200
commit: c3a19cc2ac7ddc821d7fc56455f68546b087be47 (patch)
tree: a8819cf08890f814689364afe3a6140e01de3fbd /gnu/services
parent: 100d71f8a144fd58fc20b7ffa942b550118db526 (diff)
download: guix-c3a19cc2ac7ddc821d7fc56455f68546b087be47.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/gnu/services/virtualization.scm b/gnu/services/virtualization.scm
index 258b503461..930c2ce702 100644
--- a/gnu/services/virtualization.scm
+++ b/gnu/services/virtualization.scm
@@ -1080,7 +1080,7 @@ that will be listening to receive secret keys on port 1004, TCP."
                         (openssh-configuration
                          (openssh openssh-sans-x)
                          (use-pam? #f)
-                         (permit-root-login #t)
+                         (permit-root-login 'prohibit-password)
                          (allow-empty-passwords? #t)
                          (password-authentication? #t)))
author	Ludovic Courtès <ludo@gnu.org>	2023-09-21 18:01:17 +0200
committer	Ludovic Courtès <ludo@gnu.org>	2023-10-01 22:58:20 +0200
commit	c3a19cc2ac7ddc821d7fc56455f68546b087be47 (patch)
tree	a8819cf08890f814689364afe3a6140e01de3fbd /gnu/services
parent	100d71f8a144fd58fc20b7ffa942b550118db526 (diff)
download	guix-c3a19cc2ac7ddc821d7fc56455f68546b087be47.tar.gz