[LEDE-DEV] [PATCH] dropbear: make syslog support configurable
Philip Prindeville
philipp_subx at redfish-solutions.com
Sat Nov 4 11:00:18 PDT 2017
> On Nov 4, 2017, at 3:14 AM, Petr Štetiar <ynezz at true.cz> wrote:
>
> Hans Dedecker <dedeckeh at gmail.com> [2017-11-03 13:46:14]:
>
> Hi,
>
>> By default dropbear logs to syslog which discloses info about account names
>> when doing connection attempts (e.g. "Bad password attempt for 'engineer'
>> from x.x.x.x:y")
>
> I don't get it, syslog discloses this information to whom and how?
>
>> As this facilitates brute force attempts against account names;
>
> So instead of preventing these brute force attempts, you'll just ignore them
> now? I'm wondering how the brute forcing is easier with syslog logging.
>
>> make syslog support configurable in order not to leak sensitive info via
>> syslog.
>
> I think that those are nice warning messages, reminding you that you're
> doing it wrong:
>
> 1. You should use pubkey auth.
> 2. You should limit access to your network services.
>
> -- ynezz
Also a good point: we eliminated this problem by only allowing key-based logins and disallowing passwords.
-Philip
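The reply above treats the dropbear syslog lines as warnings worth acting on rather than as a leak. As an added example (not part of the patch under discussion or of the dropbear project), here is a Python parser that turns such lines into per-source failure counts and the set of account names each source has probed, so a router operator can spot password-guessing from the log instead of silencing it. The `Bad password attempt for '...' from x.x.x.x:y` format is the one quoted in the thread; the `Login attempt for nonexistent user` and `Password auth succeeded` formats, the logread-style prefix, and every sample line are constructed for this example and assumed rather than taken from the page. Addresses are written `host:port` with no brackets, so the port is taken as the last colon-separated number, which keeps IPv6 sources intact.

```python
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Set, Tuple

# Message bodies as emitted by dropbear; the "from host:port" tail is parsed
# with a non-greedy host so that IPv6 addresses (which contain ':') survive.
# Only the "Bad password attempt" wording comes from the thread; the other
# two patterns are assumed for illustration.
_TAIL = r"from (?P<src>\S+?):(?P<port>\d+)$"
PATTERNS = {
    "bad_password": re.compile(r"Bad password attempt for '(?P<user>[^']*)' " + _TAIL),
    "nonexistent_user": re.compile(r"Login attempt for nonexistent user " + _TAIL),
    "password_success": re.compile(r"Password auth succeeded for '(?P<user>[^']*)' " + _TAIL),
}
# Locate the dropbear message inside a syslog/logread line, whatever prefix it carries.
DROPBEAR_PREFIX = re.compile(r"dropbear\[\d+\]: (?P<msg>.*)$")


@dataclass
class AuthEvent:
    kind: str            # key of PATTERNS
    src: str             # source address without port
    port: int
    user: Optional[str]  # None when dropbear does not name the account


def parse_line(line: str) -> Optional[AuthEvent]:
    """Return an AuthEvent for a dropbear authentication message, else None."""
    m = DROPBEAR_PREFIX.search(line.rstrip())
    if not m:
        return None
    msg = m.group("msg")
    for kind, pattern in PATTERNS.items():
        hit = pattern.match(msg)
        if hit:
            return AuthEvent(kind, hit.group("src"), int(hit.group("port")),
                             hit.groupdict().get("user"))
    return None  # other dropbear messages (exits, key auth, ...) are ignored


def summarize(lines: Iterable[str], threshold: int = 3) -> Dict[str, object]:
    """Aggregate failed attempts per source and list sources at/above threshold."""
    failures: Counter = Counter()
    users: Dict[str, Set[str]] = defaultdict(set)
    successes: List[Tuple[str, str]] = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        if ev.kind == "password_success":
            successes.append((ev.src, ev.user or ""))
            continue
        failures[ev.src] += 1
        if ev.user is not None:
            users[ev.src].add(ev.user)
    offenders = sorted(src for src, n in failures.items() if n >= threshold)
    return {
        "failures_by_src": dict(failures),
        "users_by_src": dict(users),
        "successes": successes,
        "offenders": offenders,
    }


# Constructed sample log, in the shape logread prints on an OpenWrt/LEDE box.
SAMPLE_LOG = """\
Sat Nov  4 11:00:18 2017 authpriv.warn dropbear[1234]: Bad password attempt for 'engineer' from 203.0.113.7:51234
Sat Nov  4 11:00:21 2017 authpriv.warn dropbear[1234]: Bad password attempt for 'root' from 203.0.113.7:51240
Sat Nov  4 11:00:25 2017 authpriv.warn dropbear[1235]: Login attempt for nonexistent user from 203.0.113.7:51251
Sat Nov  4 11:00:30 2017 authpriv.warn dropbear[1236]: Bad password attempt for 'root' from 2001:db8::9:40002
Sat Nov  4 11:01:02 2017 authpriv.info dropbear[1237]: Password auth succeeded for 'root' from 192.0.2.10:40100
Sat Nov  4 11:01:05 2017 daemon.info dropbear[1237]: Exit (root): Disconnect received
"""

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG.splitlines(), threshold=3)
    for src in report["offenders"]:
        probed = ", ".join(sorted(report["users_by_src"].get(src, ())))
        print(f"{src}: {report['failures_by_src'][src]} failures, accounts probed: {probed}")
```

Feed it `logread` output (or the syslog file on a box that keeps one) and the sources crossing the threshold are the ones to firewall, which is the "limit access to your network services" point above made concrete; once password authentication is disabled and only keys are accepted, the password-related lines stop appearing altogether.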