Hans Dedecker <dedec...@gmail.com> [2017-11-03 13:46:14]: Hi,
> By default dropbear logs to syslog which discloses info about account names > when doing connection attempts (e.g. "Bad password attempt for 'engineer' > from x.x.x.x:y") I don't get it, syslog discloses this information to whom and how? > As this facilitates brute force attempts against account names; So instead of preventing this brute force attempts, you'll just ignore them now? I'm wondering how is the brute forcing easier with syslog logging. > make syslog support configurable in order not to leak sensitive info via > syslog. I think, that those are nice warning messages, reminding you, that you're doing it wrong: 1. You should use pubkey auth. 2. You should limit access to your network services. -- ynezz _______________________________________________ Lede-dev mailing list Lede-dev@lists.infradead.org http://lists.infradead.org/mailman/listinfo/lede-dev
