Request for Help on release preparation (identify packages with known security issues)

Joachim Breitner mail at
Sat Jul 19 18:34:03 CEST 2008


Am Samstag, den 19.07.2008, 10:50 -0500 schrieb Mike (mwester):
> Another approach would be to craft some sort of script that would
> disable SSH logins via the wireless interface if the root password is
> empty.  That might be really tricky; I'm not sure if SSH can do that,
> much less dropbear.

Just don’t allow empty passwords over ssh. At least with openssh, this
is no problem:

$ cat /etc/ssh/sshd_config |grep -i empty
# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords yes

Support for that in dropbear is likely, otherwise probably not too hard.

Joachim "nomeata" Breitner
  mail: mail at | ICQ# 74513189 | GPG-Key: 4743206C
  JID: nomeata at |
  Debian Developer: nomeata at
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
Url : 

More information about the devel mailing list