A couple of thoughts on some of the discussion around this:

1) I would be a proponent of a pre-set password; SSH without a password is very unusual behavior. I understand that there have been some comments "Any preset password is asking for users to leave it default." I fail to see how this is any more true for a default password compared with no password. Having no password is asking for people to leave it without any password at all. Therefore I would suggest that a preset password is no worse in terms of getting the password changed than having no password. In the past the incentive to set a password was to enable SSH, but that will no longer be the case, so I see no disadvantage to having a pre-set password (which will provide a better user experience as it's more "normal").

2) If there is a great concern about getting people to change passwords then there should be a first boot script which launches passwd for them the first time they connect. There are disadvantages to this as well no doubt but it would be worth discussing if you want to force a password set/change.

3) For those looking to run automated device setup scripts... I think it's time to come up with a new plan; there are lots of options. If you are provisioning a large number of devices I would argue you should be creating a custom image anyway. That custom image could easily include a first boot script which automatically pulls some configuration files from an HTTP/HTTPS server or an FTP/TFTP server or any one of the other multitude of ways you could do this. Automatic device provisioning is a pretty well understood problem (see VoIP phones for example) and easily solvable. If you're not currently building custom images it's a bit more of a headache, but you probably should be anyway because there are some real advantages to it for multiple device initialization anyway.

4) If there is enough interest in automatic provisioning on first boot it might be possible to try and build it into the standard OpenWRT image too.

-Ben
_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
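
One way to implement the first-connect check from point 2, as an added example that is not part of the original message or OpenWrt's own code. It assumes a standard shadow-format file; `SHADOW_FILE`, `PRESET_HASH` and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: decide at login whether an account still has no password
# or the image's preset one, and if so run passwd before anything else.
# SHADOW_FILE and PRESET_HASH are assumptions; PRESET_HASH would hold the
# exact hash string shipped in the image (empty means "no preset shipped").
SHADOW_FILE="${SHADOW_FILE:-/etc/shadow}"
PRESET_HASH="${PRESET_HASH:-}"

# Print one of: missing | empty | locked | preset | set
password_state() {
    user="$1"
    # Exact match on the user name field, no regex interpretation.
    line=$(awk -F: -v u="$user" '$1 == u { print; exit }' "$SHADOW_FILE" 2>/dev/null)
    [ -n "$line" ] || { echo missing; return 0; }
    field=$(printf '%s\n' "$line" | cut -d: -f2)
    case "$field" in
        "")        echo empty ;;    # no password at all
        '!'*|'*'*) echo locked ;;   # password login disabled
        *)
            if [ -n "$PRESET_HASH" ] && [ "$field" = "$PRESET_HASH" ]; then
                echo preset         # still the shipped default
            else
                echo set            # user has chosen their own
            fi ;;
    esac
}

# Succeeds (exit 0) when the user must pick a password.
needs_password_change() {
    case "$(password_state "$1")" in
        empty|preset) return 0 ;;
        *)            return 1 ;;
    esac
}

# Intended to be called from a login profile script, e.g.
#   force_change_if_needed root
force_change_if_needed() {
    if needs_password_change "$1"; then
        echo "A password for '$1' must be set before continuing."
        passwd "$1"
    fi
}
```

Comparing against the shipped hash only works if every image carries the same salted hash; an image that re-salts per device would need a marker file instead.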
