From: Philip Prindeville <phil...@redfish-solutions.com> Allowing password logins leaves you vulnerable to dictionary attacks. We disable password-based authentication and allow key-based authentication only, which is more secure.
Note: You'll need to pre-populate your image with some initial keys. To do this: 1. Create the appropriate directory as "mkdir -p files/root/.ssh" from your top-level directory; 2. Copy your "~/.ssh/id_rsa.pub" (or as appropriate) into "files/root/.ssh/authorized_keys" and indeed, you can collect keys from several sources this way by concatenating them; 3. Set the permissions on "authorized_keys" to 644 or 640.
Signed-off-by: Philip Prindeville <phil...@redfish-solutions.com>
---
 net/openssh/Makefile | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/net/openssh/Makefile b/net/openssh/Makefile
index 3a19387b0d0110fc5c25d7ffccb524a61c0588c4..7ca61f6ce6d5916016a554b4a283a874e950232c 100644
--- a/net/openssh/Makefile
+++ b/net/openssh/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=openssh
 PKG_VERSION:=7.6p1
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \
@@ -248,7 +248,10 @@ define Package/openssh-server/install
 $(INSTALL_DIR) $(1)/etc/ssh
 chmod 0700 $(1)/etc/ssh
 $(INSTALL_DATA) $(PKG_INSTALL_DIR)/etc/ssh/sshd_config $(1)/etc/ssh/
- sed -r -i 's,^#(HostKey /etc/ssh/ssh_host_(rsa|ecdsa|ed25519)_key)$$$$,\1,' $(1)/etc/ssh/sshd_config
+ sed -r -i \
+ -e 's,^#(HostKey /etc/ssh/ssh_host_(rsa|ecdsa|ed25519)_key)$$$$,\1,' \
+ -e 's,^#PasswordAuthentication yes$$$$,PasswordAuthentication no,' \
+ $(1)/etc/ssh/sshd_config
 $(INSTALL_DIR) $(1)/etc/init.d
 $(INSTALL_BIN) ./files/sshd.init $(1)/etc/init.d/sshd
 $(INSTALL_DIR) $(1)/usr/sbin
--
2.7.4
_______________________________________________
Lede-dev mailing list
Lede-dev@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/lede-dev
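Review bot: The added `-e 's,^#PasswordAuthentication yes$$$$,PasswordAuthentication no,'` expression in the second hunk rewrites only the exact commented default line, so if the shipped sshd_config ever words that line differently, sed still exits 0 without changing anything and the image is built with password logins enabled. Make the install step fail closed by adding a check right after the sed, for example `grep -q '^PasswordAuthentication no$$$$' $(1)/etc/ssh/sshd_config`. If any build variant enables PAM (not visible in this hunk), keyboard-interactive authentication can still accept passwords, so `ChallengeResponseAuthentication` probably needs to be set to `no` in the same sed call. A one-line comment above the sed saying that key-only login is enforced here and that images must ship a pre-populated authorized_keys would help the next maintainer. The Package/openssh-server/install define begins and ends outside this hunk.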