[OpenWrt-Devel] Removing Telnet

Ben Franske ben.lists at franske.com
Wed Sep 9 17:59:54 EDT 2015


A couple of thoughts on some of the discussion around this:

1) I would be a proponent of a pre-set password; SSH without a password 
is very unusual behavior. I understand that there have been some 
comments "Any preset password is asking for users to leave it default." 
I fail to see how this is any more true for a default 
password compared with no password. Having no password is asking for 
people to leave it without any password at all. Therefore I would 
suggest that a preset password is no worse in terms of getting the 
password changed than having no password. In the past the incentive to 
set a password was to enable SSH but that will no longer be the case so 
I see no disadvantage to having a pre-set password (which will provide a 
better user experience as it's more "normal").

2) If there is a great concern about getting people to change passwords 
then there should be a first boot script which launches passwd for them 
the first time they connect. There are disadvantages to this as well no 
doubt but it would be worth discussing if you want to force a password 
set/change.

3) For those looking to run automated device setup scripts... I think 
it's time to come up with a new plan; there are lots of options. If you 
are provisioning a large number of devices I would argue you should be 
creating a custom image anyway. That custom image could easily include a 
first boot script which automatically pulls some configuration files 
from an HTTP/HTTPS server or an FTP/TFTP server or any one of the other 
multitude of ways you could do this. Automatic device provisioning is a 
pretty well understood problem (see VoIP phones for example) and easily 
solvable. If you're not currently building custom images it's a bit more 
of a headache, but you probably should be anyway because there are some 
real advantages to it for multiple device initialization anyway.

4) If there is enough interest in automatic provisioning on first boot 
it might be possible to try and build it into the standard OpenWRT image 
too.

-Ben
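
A first-boot pull of the kind point 3 describes, as an added example that is not part of the original post and not OpenWrt's own code: plain HTTP, FTP and TFTP do not authenticate what they deliver, so the script checks the download against a SHA-256 digest baked into the custom image before installing it. The function names, the `fetch` wrapper, the marker file, the paths and the placeholder URL are all assumptions.

```shell
#!/bin/sh
# Added illustration of a run-once provisioning step for a custom image.
# Hypothetical names throughout: fetch, verify_sha256, provision_once.

# fetch URL OUTFILE: download wrapper, kept separate so the transport
# (HTTPS, TFTP, ...) can be swapped without touching the verification.
fetch() {
    wget -q -O "$2" "$1"
}

# verify_sha256 FILE EXPECTED_HEX: succeeds only on an exact digest match.
verify_sha256() {
    actual=$(sha256sum "$1" | cut -d' ' -f1) || return 1
    [ "$actual" = "$2" ]
}

# provision_once URL PINNED_SHA256 DEST MARKER
# Downloads to a temporary file, verifies it, and only then moves it into
# place. The marker makes later boots a no-op. On any failure nothing is
# installed and no marker is written, so the next boot retries.
provision_once() {
    url=$1; pinned=$2; dest=$3; marker=$4
    [ -e "$marker" ] && return 0
    tmp=$(mktemp) || return 1
    if fetch "$url" "$tmp" && verify_sha256 "$tmp" "$pinned" \
        && mv "$tmp" "$dest"; then
        : > "$marker"
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# Example call from a first-boot script (placeholder URL, digest and paths):
# provision_once "https://provision.example.net/site.conf" \
#     "<sha256 pinned at image build time>" \
#     /etc/config/site /etc/.provisioned
```

A pinned digest fits one shared configuration per image; per-device files would need a signed manifest instead, which this example does not cover.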