[LEDE-DEV] [PATCH] dropbear: make syslog support configurable

Philip Prindeville philipp_subx at redfish-solutions.com
Sat Nov 4 11:00:18 PDT 2017


> On Nov 4, 2017, at 3:14 AM, Petr Štetiar <ynezz at true.cz> wrote:
> 
> Hans Dedecker <dedeckeh at gmail.com> [2017-11-03 13:46:14]:
> 
> Hi,
> 
>> By default dropbear logs to syslog which discloses info about account names
>> when doing connection attempts (e.g. "Bad password attempt for 'engineer'
>> from x.x.x.x:y")
> 
> I don't get it, syslog discloses this information to whom and how?
> 
>> As this facilitates brute force attempts against account names;
> 
> So instead of preventing these brute force attempts, you'll just ignore them
> now? I'm wondering how the brute forcing is easier with syslog logging.
> 
>> make syslog support configurable in order not to leak sensitive info via
>> syslog.
> 
> I think that those are nice warning messages, reminding you that you're
> doing it wrong:
> 
> 1. You should use pubkey auth.
> 2. You should limit access to your network services.
> 
> -- ynezz



Also a good point: we eliminated this problem by only allowing key-based logins and disallowing passwords.

-Philip
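Petr's point that the "Bad password attempt" lines are useful warnings can be taken one step further: as an added example that is not part of this thread or of dropbear itself, here is a small POSIX shell function that summarises those syslog lines per source address so they can feed an alert or a firewall rule instead of being silenced. The sample log lines are constructed to match the message format quoted in the thread; the logread-style prefix and the threshold value are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread or the dropbear package):
# count dropbear "Bad password attempt" syslog lines per source address.
# Reads log lines on stdin; prints "<ip> <count>" for every source whose
# failure count is at or above the threshold (default 3).
# IPv6 sources work too: only the trailing ":<port>" is stripped.
dropbear_bad_password_summary() {
    threshold=${1:-3}
    grep 'dropbear' \
    | grep 'Bad password attempt for' \
    | sed -n 's/.*from \(.*\):[0-9]*$/\1/p' \
    | sort | uniq -c \
    | awk -v t="$threshold" '$1 >= t { print $2, $1 }'
}

# Constructed sample logread output (not real data), in the format the
# thread quotes; the timestamp/facility prefix is an assumption.
SAMPLE_LOG=$(cat <<'EOF'
Sat Nov  4 11:00:01 2017 authpriv.warn dropbear[1234]: Bad password attempt for 'engineer' from 192.0.2.10:50123
Sat Nov  4 11:00:02 2017 authpriv.warn dropbear[1234]: Bad password attempt for 'root' from 192.0.2.10:50124
Sat Nov  4 11:00:03 2017 authpriv.warn dropbear[1235]: Bad password attempt for 'admin' from 192.0.2.10:50125
Sat Nov  4 11:00:04 2017 authpriv.warn dropbear[1236]: Bad password attempt for 'engineer' from 198.51.100.7:41000
Sat Nov  4 11:00:05 2017 authpriv.info dropbear[1237]: Password auth succeeded for 'engineer' from 192.0.2.20:41001
EOF
)

# Sources with three or more failed password attempts.
printf '%s\n' "$SAMPLE_LOG" | dropbear_bad_password_summary 3
```

On a live LEDE/OpenWrt box the same function can be fed with `logread | dropbear_bad_password_summary 5`.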
