[FreeWRT-developers] Re: [FreeWRT-commits] r325 - in trunk/freewrt: package package/base-files package/base-files/default/etc tools tools/mkpasswd tools/mkpasswd/src

Fri, 21 Jul 2006 07:04:20 -0700 

Hi,
On Fri, 21 Jul 2006 at 15:52 +0200, [EMAIL PROTECTED] wrote:
> Author: markus
> Date: 2006-07-21 15:52:46 +0200 (Fri, 21 Jul 2006)
> New Revision: 325
> 
> Added:
>    trunk/freewrt/tools/mkpasswd/
>    trunk/freewrt/tools/mkpasswd/Makefile
>    trunk/freewrt/tools/mkpasswd/src/
>    trunk/freewrt/tools/mkpasswd/src/config.h
>    trunk/freewrt/tools/mkpasswd/src/mkpasswd.c
> Modified:
>    trunk/freewrt/package/Config.in
>    trunk/freewrt/package/base-files/Makefile
>    trunk/freewrt/package/base-files/default/etc/passwd
>    trunk/freewrt/tools/Makefile
> Log:
> - added runtime config for password
> - added runtime config for ssh-key
> - added mkpasswd for crypt-md5 generation (needed for runtime password config)
> 
> 
> Modified: trunk/freewrt/package/Config.in
> ===================================================================
> --- trunk/freewrt/package/Config.in   2006-07-21 11:15:52 UTC (rev 324)
> +++ trunk/freewrt/package/Config.in   2006-07-21 13:52:46 UTC (rev 325)
> @@ -361,4 +361,21 @@
>         Leave empty to use distribution default:
>         http://www.freewrt.org/downloads/snapshots/@TARGET@/packages
>  
> +config BR2_RUNTIME_PASSWORD
> +     string "root password"
> +     default "FreeWRT"
> +     help
> +       Predefine the root password enabled in the the built image
> +
> +       - Leave empty to disable password login, beware: TELNET WILL BE OPEN!
> +       - type "-KEY-" to only allow ssh key login and define the ssh-key in
> +         the next step.

That is not true anymore. Telnetd will be only open in failsafe
mode. Please make a check that the password is non-empty. 
IIRC correctly even when dropbear should use
/etc/dropbear/authorized_keys for authentication a non-empty
password needs to be in /etc/passwd. 

It might be a good idea to add some kind of flag mechanism to
/etc/rc.conf. And if someone choose ssh key, he can also choose that
dropbear disallow ssh password authentication. This is a nice
security feature.

We will soon have a little nice TCL/TK FreeWRT configurator for the
Desktop, which uses SSH for communication. I have seen an amazing
demo yesterday night in the Netzladen in Bonn. 

It will be committed to svn after ICMP3.

bye
 Waldemar

Attachment: pgpvvmBZs38ib.pgp
Description: PGP signature

_______________________________________________
freewrt-developers mailing list
[email protected]
https://www.freewrt.org/lists/listinfo/freewrt-developers

Reply via email to