[OpenWrt-Devel] Removing Telnet

Jonathan Bennett jbscience87 at gmail.com
Tue Sep 8 14:39:42 EDT 2015


Nak on setting a default password. The blank password has served its
purpose well for years now. Any preset password is asking for users to
leave it default. The only problem with blank ssh logins is it removes one
of the ways openwrt encouraged the user to set a password.

A banner that warns about a blank password would be fine, similar to what
Luci does. Any thoughts about forcing a password change on first ssh login?
I haven't thought through the idea fully myself.

On Tue, Sep 8, 2015 at 1:35 PM Vittorio G (VittGam) <openwrt at vittgam.net>
wrote:

> Il 08.09.2015 10:15 Steven Barth ha scritto:
> > as of https://dev.openwrt.org/changeset/46809 telnet is no longer part
> of
> > the base images. As a replacement, it is now possible to login to the
> root-
> > account via SSH without a password prompt whenever no root password is
> set,
> > e.g. after a flash without keeping config, factory reset or in failsafe.
>
> What about empty root password but authorized_keys for root present? This
> behavior is not clear from the patch...
>
> Maybe it would just be better to set the default root password to 'openwrt'
> or 'insecure' or 'change_me!'?
>
> Cheers,
> Vittorio
> _______________________________________________
> openwrt-devel mailing list
> openwrt-devel at lists.openwrt.org
> https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.infradead.org/pipermail/openwrt-devel/attachments/20150908/12faf851/attachment.htm>
-------------- next part --------------
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel


More information about the openwrt-devel mailing list