diff options
author | Ludovic Courtès <ludo@gnu.org> | 2023-09-21 18:01:17 +0200 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2023-10-01 22:58:20 +0200 |
commit | c3a19cc2ac7ddc821d7fc56455f68546b087be47 (patch) | |
tree | a8819cf08890f814689364afe3a6140e01de3fbd /doc | |
parent | 100d71f8a144fd58fc20b7ffa942b550118db526 (diff) | |
download | guix-c3a19cc2ac7ddc821d7fc56455f68546b087be47.tar guix-c3a19cc2ac7ddc821d7fc56455f68546b087be47.tar.gz |
services: hurd-vm: Disable password-based authentication for root.
With offloading to a childhurd is enabled, allowing password-less root
login in the childhurd to anyone amounts to providing write access to
the host’s store to anyone. Thus, disable password-based root logins in
the childhurd.
* gnu/services/virtualization.scm (%hurd-vm-operating-system): Change
‘permit-root-login’ to 'prohibit-password.
* gnu/tests/virtualization.scm (%childhurd-os): Provide a custom ‘os’
field for ‘hurd-vm-configuration’.
* doc/guix.texi (Virtualization Services): Remove mention of
password-less root login.
Diffstat (limited to 'doc')
-rw-r--r-- | doc/guix.texi | 5 |
1 files changed, 0 insertions, 5 deletions
diff --git a/doc/guix.texi b/doc/guix.texi index 1869b59ef6..04d2ad0a69 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -35722,11 +35722,6 @@ guix shell tigervnc-client -- vncviewer localhost:5900 The default configuration (see @code{hurd-vm-configuration} below) spawns a secure shell (SSH) server in your GNU/Hurd system, which QEMU (the virtual machine emulator) redirects to port 10222 on the host. -Thus, you can connect over SSH to the childhurd with: - -@example -ssh root@@localhost -p 10022 -@end example The childhurd is volatile and stateless: it starts with a fresh root file system every time you restart it. By default though, all the files |