aboutsummaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2023-09-21 18:01:17 +0200
committerLudovic Courtès <ludo@gnu.org>2023-10-01 22:58:20 +0200
commitc3a19cc2ac7ddc821d7fc56455f68546b087be47 (patch)
treea8819cf08890f814689364afe3a6140e01de3fbd /doc
parent100d71f8a144fd58fc20b7ffa942b550118db526 (diff)
downloadguix-c3a19cc2ac7ddc821d7fc56455f68546b087be47.tar
guix-c3a19cc2ac7ddc821d7fc56455f68546b087be47.tar.gz
services: hurd-vm: Disable password-based authentication for root.
With offloading to a childhurd is enabled, allowing password-less root login in the childhurd to anyone amounts to providing write access to the host’s store to anyone. Thus, disable password-based root logins in the childhurd. * gnu/services/virtualization.scm (%hurd-vm-operating-system): Change ‘permit-root-login’ to 'prohibit-password. * gnu/tests/virtualization.scm (%childhurd-os): Provide a custom ‘os’ field for ‘hurd-vm-configuration’. * doc/guix.texi (Virtualization Services): Remove mention of password-less root login.
Diffstat (limited to 'doc')
-rw-r--r--doc/guix.texi5
1 files changed, 0 insertions, 5 deletions
diff --git a/doc/guix.texi b/doc/guix.texi
index 1869b59ef6..04d2ad0a69 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -35722,11 +35722,6 @@ guix shell tigervnc-client -- vncviewer localhost:5900
The default configuration (see @code{hurd-vm-configuration} below)
spawns a secure shell (SSH) server in your GNU/Hurd system, which QEMU
(the virtual machine emulator) redirects to port 10222 on the host.
-Thus, you can connect over SSH to the childhurd with:
-
-@example
-ssh root@@localhost -p 10022
-@end example
The childhurd is volatile and stateless: it starts with a fresh root
file system every time you restart it. By default though, all the files