Request for Help on release preparation (identify packages with known security issues)
Joachim Breitner
mail at joachim-breitner.de
Sat Jul 19 18:34:03 CEST 2008
Hi,
Am Samstag, den 19.07.2008, 10:50 -0500 schrieb Mike (mwester):
> Another approach would be to craft some sort of script that would
> disable SSH logins via the wireless interface if the root password is
> empty. That might be really tricky; I'm not sure if SSH can do that,
> much less dropbear.
Just don’t allow empty passwords over ssh. At least with openssh, this
is no problem:
$ cat /etc/ssh/sshd_config |grep -i empty
# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords yes
Support for that in dropbear is likely, otherwise probably not too hard.
Greetings,
Joachim
--
Joachim "nomeata" Breitner
mail: mail at joachim-breitner.de | ICQ# 74513189 | GPG-Key: 4743206C
JID: nomeata at joachim-breitner.de | http://www.joachim-breitner.de/
Debian Developer: nomeata at debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
Url : http://lists.openmoko.org/pipermail/devel/attachments/20080719/d686c3ce/attachment.pgp
More information about the devel
mailing list
