Hello Michael,

that is interesting, though I guess since these are mainly our defaults it shouldn't be too hard for someone manufacturing to change the config and re-add a simple init-script for telnetd if that is really required.
Lack of entropy doesn't seem to be too much of an issue here, in fact in failsafe mode we generate a 1024 bit RSA-key on demand which takes <2s on my old Buffalo here. Granted, it's only 1024-bit but still. Now the regular keys are 2048-bit which takes about a minute which could be seen as problematic. However in the verge of making these changes we also removed DSS support and removed some of the ciphers (3DES, Twofish) and CBC mode in general as well, so we at least save ourselves the DSS key generation. In the future we might want to switch to add ed25519 since it's more secure and probably faster than the classical approaches mechanisms here, but we have to ensure that it is compatible with at least most common SSH clients out there, mainly probably PuTTY on Windows and OpenSSH on Linux & OS X.

Cheers,
Steven
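The removals described in the message above (DSS host keys, 3DES, Twofish, CBC mode) can be checked against what an SSH server actually advertises. The following is an added example, not part of the original message or of the OpenWrt or Dropbear code: it parses an SSH_MSG_KEXINIT payload (RFC 4253, section 7.1) and lists any of those algorithms still on offer. The sample payload and all function names are constructed for illustration.

```python
import struct

# Name-list fields of SSH_MSG_KEXINIT in wire order (RFC 4253, section 7.1).
FIELDS = ["kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c"]

def build_kexinit(lists):
    """Encode a KEXINIT payload from a dict of name-lists (builds the sample)."""
    out = bytes([20]) + bytes(16)            # message type 20 + 16-byte cookie
    for field in FIELDS:
        names = ",".join(lists.get(field, [])).encode("ascii")
        out += struct.pack(">I", len(names)) + names
    return out + b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows, reserved

def parse_kexinit(payload):
    """Return {field: [algorithm names]}; raise ValueError on malformed input."""
    if len(payload) < 17 or payload[0] != 20:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, result = 17, {}
    for field in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (length,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + length > len(payload):
            raise ValueError("truncated name-list")
        raw = payload[pos:pos + length].decode("ascii")
        result[field] = raw.split(",") if raw else []
        pos += length
    return result

def legacy_offers(lists):
    """List (field, name) pairs for DSS host keys, 3DES, Twofish and CBC ciphers."""
    found = [("host_key", n) for n in lists["host_key"] if n == "ssh-dss"]
    for field in ("enc_c2s", "enc_s2c"):
        for name in lists[field]:
            if name.endswith("-cbc") or name.startswith(("3des", "twofish")):
                found.append((field, name))
    return found

# Constructed sample: what a server might advertise before the removals.
SAMPLE = build_kexinit({
    "kex": ["diffie-hellman-group14-sha1"],
    "host_key": ["ssh-rsa", "ssh-dss"],
    "enc_c2s": ["aes128-ctr", "3des-cbc", "twofish256-cbc", "aes256-cbc"],
    "enc_s2c": ["aes128-ctr"],
    "mac_c2s": ["hmac-sha1"], "mac_s2c": ["hmac-sha1"],
    "comp_c2s": ["none"], "comp_s2c": ["none"],
})

if __name__ == "__main__":
    for field, name in legacy_offers(parse_kexinit(SAMPLE)):
        print(f"{field}: {name}")
```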
