[OpenWrt-Devel] [PATCH] base-files utils/busybox: Make requiring login in console default for easily accessed devices
bittorf at bluebottle.com
Thu Dec 24 16:42:10 EST 2015
* Michael Richardson <mcr at sandelman.ca> [24.12.2015 22:14]:
> 2) if the user is "used" to a key mismatch, and they type their password in,
> the password has just been compromised.
this is indeed true for IPv6/linklocal
> A better approach is that the ssh daemon should start, open port 22, and then
> do SSHv2 transport mode up to the key-exchange, and then just respond to
> keep alives, ideally with a message to "Please stand by", if we can find
> a way to do that in-protocol. (wow. it's been 18 years since I worked at ssh...)
this is very interesting.
i'am not sure how big this impact is to the dropbear codebase, but i like it.
thanks for your feedback. bye, bastian
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
More information about the openwrt-devel