[LEDE-DEV] [PATCH] dropbear: make syslog support configurable

Petr Štetiar ynezz at true.cz
Sat Nov 4 02:14:17 PDT 2017


Hans Dedecker <dedeckeh at gmail.com> [2017-11-03 13:46:14]:

Hi,

> By default dropbear logs to syslog which discloses info about account names
> when doing connection attempts (e.g. "Bad password attempt for 'engineer'
> from x.x.x.x:y")

I don't get it, syslog discloses this information to whom and how?

> As this facilitates brute force attempts against account names;

So instead of preventing this brute force attempts, you'll just ignore them
now? I'm wondering how is the brute forcing easier with syslog logging.

> make syslog support configurable in order not to leak sensitive info via
> syslog.

I think, that those are nice warning messages, reminding you, that you're
doing it wrong:

1. You should use pubkey auth.
2. You should limit access to your network services.

-- ynezz



More information about the Lede-dev mailing list