[OpenWrt-Devel] Removing Telnet
Ben Franske
ben.lists at franske.com
Wed Sep 9 17:59:54 EDT 2015
A couple of thoughts on some of the discussion around this:
1) I would be a proponent of a pre-set password, SSH without a password
is very unusual behavior. I understand that there have been some
comments "Any preset password is asking for users to
leave it default." I fail to see how this is any more true for a default
password compared with no password. Having no password is asking for
people to leave it without any password at all. Therefore I would
suggest that a preset password is no worse in terms of getting the
password changed than having no password. In the past the incentive to
set a password was to enable SSH but that will no longer be the case so
I see no disadvantage to having a pre-set password (which will provide a
better user experience as it's more "normal").
2) If there is a great concern about getting people to change passwords
then there should be a first boot script which launches passwd for them
the first time they connect. There are disadvantages to this as well no
doubt but it would be worth discussing if you want to force a password
set/change.
3) For those looking to run automated device setup scripts... I think
it's time to come up with new plan, there are lots of options. If you
are provisioning a large number of devices I would argue you should be
creating a custom image anyway. That custom image could easily include a
first boot script which automatically pulls some configuration files
from an HTTP/HTTPS server or a FTP/TFTP server or any one of the other
multitude of ways you could do this. Automatic device provisioning is a
pretty well understood problem (see VoIP phones for example) and easily
solvable. If you're not currently building custom images it's a bit more
of a headache, but you probably should be anyway because there are some
real advantages to it for multiple device initialization anyway.
4) If there is enough interest in automatic provisioning on first boot
it might be possible to try and build it into the standard OpenWRT image
too.
-Ben
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list