[LEDE-DEV] [PATCH v1 1/1] openssh: disable passwords for openssh server
Michelle Sullivan
michelle at sorbs.net
Wed Feb 14 13:13:00 PST 2018
Philip Prindeville wrote:
>
>> On Feb 13, 2018, at 9:14 PM, Michelle Sullivan <michelle at sorbs.net> wrote:
>>
>> [snip]
>> Personally - my thoughts ....
>>
>> There should be an option to enable passwords (default off...)
>> A warning should be placed on the checkbox to inform the user it is not a good idea to enable them.
>> SSH should be disabled on external interfaces unless specifically enabled. (what constitutes 'external' if there is no 'wan' port? ...i.e. AP only?)
>> SSH without password in place and no keys should be unconditionally disabled (and not enable-able - except by hand editing.)
>> One could try to do what some manufacturers have done and open ssh for a period of time if the WPS button is depressed for a certain length of time as a 'fool proof' command login.... personally though I think anyone using SSH instead of the web interface is more than likely going to know what they are doing and therefore it should not be an issue... ie err on the side of 'there is an idiot at the controls, let's make it default as secure as possible'...
>>
>> --
>> Michelle Sullivan
>> http://www.mhix.org/
>>
>
> Thanks for the suggestion. Alas OpenSSH allows one to specify a ListenAddress which you could match to the “lan” or “wan” address(es). Problem is that if you’re using DHCP on the “wan”, you’d have to rewrite the file (and restart the service) every time DHCP changed the address on the interface.
>
> What would be better is if OpenSSH had a ListenInterface configuration parameter instead, and used netlink to listen for address changes… but that would be a bit of complexity (although you’d think it would be a common enough requirement for applications that someone would have come up with a library to do exactly that in a portable fashion).
>
> Your conclusion is spot on: it’s hard to offer good security and make it foolproof at the same time because the approaches go in exactly opposite directions. Security requires extreme pessimism, even paranoia, and user-friendliness implies being extremely forgiving.
>
> It’s hard to have both.
>
> -Philip
>
FWIW, I had misunderstood the intent of the original comments... OpenSSH
server vs Dropbear - if someone is using OpenSSH server they already
went in with advanced config as Dropbear is the default - I'd err on the
side of security as they should already know what they are doing.... it
should be recoverable by web interface though (rather than worrying about
people 'fixing' by using something not secure.)
--
Michelle Sullivan
http://www.mhix.org/
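
The rewrite-and-restart step that the quoted reply describes for a DHCP-assigned address, sketched as an added example that is not part of this thread or of the patch under discussion. The function name `update_listen_address`, its return codes, and the idea of calling it from whatever script runs on an address change are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: keep a single ListenAddress directive in sshd_config in
# step with an interface address that DHCP may change.
# Assumption: the caller supplies the config path and the current address.

# update_listen_address CONFIG ADDR
# Returns 0 if CONFIG was rewritten (the caller should then restart sshd),
# 1 if it already had exactly this ListenAddress, 2 on bad input.
update_listen_address() {
    cfg=$1 addr=$2
    [ -f "$cfg" ] || return 2
    # Accept only characters found in IPv4/IPv6 literals, so a malformed
    # lease value cannot smuggle extra directives into the config.
    case $addr in
        ''|*[!0-9A-Fa-f.:]*) return 2 ;;
    esac
    tmp=$(mktemp "${cfg}.XXXXXX") || return 2
    # Put the new directive where the first old one stood and drop any
    # others. If there was none, insert it before the first Match block
    # (ListenAddress is not valid inside one) or at the end of the file.
    awk -v a="$addr" '
        { k = tolower($0); sub(/^[ \t]+/, "", k) }
        k ~ /^listenaddress([ \t=]|$)/ {
            if (!done) { print "ListenAddress " a; done = 1 }
            next
        }
        k ~ /^match([ \t]|$)/ && !done { print "ListenAddress " a; done = 1 }
        { print }
        END { if (!done) print "ListenAddress " a }
    ' "$cfg" > "$tmp"
    if cmp -s "$cfg" "$tmp"; then
        rm -f "$tmp"          # nothing changed: no restart needed
        return 1
    fi
    # mktemp creates the file mode 0600; rename replaces CONFIG atomically.
    mv "$tmp" "$cfg"
    return 0
}
```

Because the function reports "unchanged" separately from "rewritten", a lease renewal that keeps the same address does not restart sshd and drop nothing.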