Nak on setting a default password. The blank password has served its purpose well for years now. Any preset password is asking for users to leave it default. The only problem with blank ssh logins is it removes one of the ways openwrt encouraged the user to set a password.
A banner that warns about a blank password would be fine, similar to what Luci does. Any thoughts about forcing a password change on first ssh login? I haven't thought through the idea fully myself. On Tue, Sep 8, 2015 at 1:35 PM Vittorio G (VittGam) <[email protected]> wrote: > Il 08.09.2015 10:15 Steven Barth ha scritto: > > as of https://dev.openwrt.org/changeset/46809 telnet is no longer part > of > > the base images. As a replacement, it is now possible to login to the > root- > > account via SSH without a password prompt whenever no root password is > set, > > e.g. after a flash without keeping config, factory reset or in failsafe. > > What about empty root password but authorized_keys for root present? This > behavior is not clear from the patch... > > Maybe it would just be better to set the default root password to 'openwrt' > or 'insecure' or 'change_me!'? > > Cheers, > Vittorio > _______________________________________________ > openwrt-devel mailing list > [email protected] > https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel >
_______________________________________________ openwrt-devel mailing list [email protected] https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
