Gregory Meyer, CPA
greg at btcincny.com
Wed Jul 23 02:10:22 CEST 2008
As long as having a password doesn't upset the function of the phone,
I think I'll just set a password, disable password logins and use my
ssh key. Thanks.
One other question I guess. I don't see any warning that the phone as
is has this vulnerability. Shouldn't there be some warning or is it
expected that the current audience knows to deal with this?
On Sun, Jul 20, 2008 at 11:35 PM, Greg Bonett <greg at bonett.org> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> Gregory Meyer wrote:
> | Since the device does not have a root password by default, it is
> | possible for anyone to ssh to the device while I am connected to a
> | wifi AP. IS it advisable to set a root password or does that screw up
> | the phone? Maybe only allow ssh login on the usb0 network interface
> | as an alternative?
> | Thanks
> | --
> | Greg
> If you don't set a root password anyone will be able to log onto your
> phone if they can reach it on the network. I don't think there are any
> downsides to setting a password (I did) passwd should do the trick.
> - -Greg
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (FreeBSD)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> -----END PGP SIGNATURE-----
> support mailing list
> support at lists.openmoko.org
More information about the support