On Sat, Feb 17, 2018 at 1:54 PM, Stijn Tintel wrote:
> On 09-02-18 01:28, Philip Prindeville wrote:
>> From: Philip Prindeville
>>
>> Allowing password logins leaves you vulnerable to dictionary
>> attacks. We disable password-based authentication, limiting
>> authentication to keys only which a
On 09-02-18 01:28, Philip Prindeville wrote:
> From: Philip Prindeville
>
> Allowing password logins leaves you vulnerable to dictionary
> attacks. We disable password-based authentication, limiting
> authentication to keys only which are more secure.
>
> Note: You'll need to pre-populate your im
Philip Prindeville wrote:
>
>
> In a perfect world, no one should ever have to build with
> patches, anything in files/, cherry-picked commits, etc.
> Everything would be expressed in the .config (or
> kernel-config).
I think this is probably the root of all the discussion. I agree
with you th
On 15.02.2018 16.52, Philip Prindeville wrote:
Well, right! That was my first approach with a "config" option to do exactly
that, but it was shot down:
https://github.com/openwrt/packages/pull/5520
I even defaulted the option to continue to allow passwords so that only people
who (a) selecte
Hi!
On Thu, Feb 15, 2018 at 08:51:23AM -0700, Philip Prindeville wrote:
> >
> > This is just about the default configuration, it's not a choice between
> > conflicting compile time options with varying security implications. While
> > key authentication may be best practice, allowing SSH passwo
> On Feb 14, 2018, at 3:00 PM, Magnus Kroken wrote:
>
> On 14.02.2018 22.13, Michelle Sullivan wrote:
>> FWIW, I had misunderstood the intent of the original comments... OpenSSH
>> server vs Dropbear - if someone is using OpenSSH server they already
>> went in with advanced config as Dropbear is
> On Feb 14, 2018, at 3:00 PM, Magnus Kroken wrote:
>
> On 14.02.2018 22.13, Michelle Sullivan wrote:
>> FWIW, I had misunderstood the intent of the original comments... OpenSSH
>> server vs Dropbear - if someone is using OpenSSH server they already
>> went in with advanced config as Dropbear i
On 02/14/2018 10:53 PM, David Woodhouse wrote:
On Wed, 2018-02-14 at 22:51 +0100, Alberto Bursi wrote:
Just change the WAN ssh port number to something in the dynamic port
range, pretty much 0 bots scan beyond the few well-known ports
range, and you save CPU resources too.
We're talking about
On 14.02.2018 22.13, Michelle Sullivan wrote:
FWIW, I had misunderstood the intent of the original comments... OpenSSH
server vs Dropbear - if someone is using OpenSSH server they already
went in with advanced config as Dropbear is the default - I'd err on the
side of security as they should alre
David Woodhouse wrote:
On Wed, 2018-02-14 at 22:51 +0100, Alberto Bursi wrote:
Just change the WAN ssh port number to something in the dynamic port
range, pretty much 0 bots scan beyond the few well-known ports
range, and you save CPU resources too.
We're talking about the default config here t
On Wed, 2018-02-14 at 22:51 +0100, Alberto Bursi wrote:
> Just change the WAN ssh port number to something in the dynamic port
> range, pretty much 0 bots scan beyond the few well-known ports
> range, and you save CPU resources too.
We're talking about the default config here though. Please let's
On 02/14/2018 10:36 PM, David Woodhouse wrote:
On Wed, 2018-02-14 at 12:34 -0700, Philip Prindeville wrote:
Once I was messing with firewall settings and accidentally disabled
the firewall. Within a few minutes, there were all sorts of password
attacks on the WAN port. Having a sufficiently
On Wed, 2018-02-14 at 12:34 -0700, Philip Prindeville wrote:
> Once I was messing with firewall settings and accidentally disabled
> the firewall. Within a few minutes, there were all sorts of password
> attacks on the WAN port. Having a sufficiently complex password
> slowed things down long eno
Philip Prindeville wrote:
On Feb 13, 2018, at 9:14 PM, Michelle Sullivan wrote:
[snip]
Personally - my thoughts
There should be an option to enable passwords (default off...)
A warning should be placed on the checkbox to inform the user it is not a good
idea to enable them.
SSH should
> On Feb 14, 2018, at 1:25 AM, Stijn Segers wrote:
>
> Yousong Zhou wrote on 14 February 2018 09:06:11 CET:
>>
>> No, it's just complicating things up. When people really care about
>> the default settings' security, they will override the default by also
>> specifying files/etc/ssh/sshd_c
> On Feb 14, 2018, at 1:06 AM, Yousong Zhou wrote:
>
> On 14 February 2018 at 11:53, Philip Prindeville
> wrote:
>>
>>> On Feb 11, 2018, at 3:54 AM, Yousong Zhou wrote:
>>>
>>> On 9 February 2018 at 08:28, Philip Prindeville
>>> wrote:
From: Philip Prindeville
Allowing pas
> On Feb 13, 2018, at 9:14 PM, Michelle Sullivan wrote:
>
> [snip]
> Personally - my thoughts
>
> There should be an option to enable passwords (default off...)
> A warning should be placed on the checkbox to inform the user it is not a
> good idea to enable them.
> SSH should be disable
Yousong Zhou wrote on 14 February 2018 09:06:11 CET:
>On 14 February 2018 at 11:53, Philip Prindeville
> wrote:
>>
>>> On Feb 11, 2018, at 3:54 AM, Yousong Zhou
>wrote:
>>>
>>> On 9 February 2018 at 08:28, Philip Prindeville
>>> wrote:
From: Philip Prindeville
Allowing password
On 14 February 2018 at 11:53, Philip Prindeville
wrote:
>
>> On Feb 11, 2018, at 3:54 AM, Yousong Zhou wrote:
>>
>> On 9 February 2018 at 08:28, Philip Prindeville
>> wrote:
>>> From: Philip Prindeville
>>>
>>> Allowing password logins leaves you vulnerable to dictionary
>>> attacks. We disabl
On 14/02/2018 04:53, Philip Prindeville wrote:
On Feb 11, 2018, at 3:54 AM, Yousong Zhou wrote:
On 9 February 2018 at 08:28, Philip Prindeville
wrote:
From: Philip Prindeville
Allowing password logins leaves you vulnerable to dictionary
attacks. We disable password-based authentication,
Philip Prindeville wrote:
On Feb 11, 2018, at 3:54 AM, Yousong Zhou wrote:
On 9 February 2018 at 08:28, Philip Prindeville
wrote:
From: Philip Prindeville
Allowing password logins leaves you vulnerable to dictionary
attacks. We disable password-based authentication, limiting
authentication
> On Feb 11, 2018, at 3:54 AM, Yousong Zhou wrote:
>
> On 9 February 2018 at 08:28, Philip Prindeville
> wrote:
>> From: Philip Prindeville
>>
>> Allowing password logins leaves you vulnerable to dictionary
>> attacks. We disable password-based authentication, limiting
>> authentication to k
> On Feb 11, 2018, at 3:54 AM, Yousong Zhou wrote:
>
> On 9 February 2018 at 08:28, Philip Prindeville
> wrote:
>> From: Philip Prindeville
>>
>> Allowing password logins leaves you vulnerable to dictionary
>> attacks. We disable password-based authentication, limiting
>> authentication to
> On Feb 11, 2018, at 3:54 AM, Yousong Zhou wrote:
>
> On 9 February 2018 at 08:28, Philip Prindeville
> wrote:
>> From: Philip Prindeville
>>
>> Allowing password logins leaves you vulnerable to dictionary
>> attacks. We disable password-based authentication, limiting
>> authentication to
> On Feb 11, 2018, at 4:23 AM, Alberto Bursi wrote:
>
>
>
> On 02/11/2018 11:54 AM, Yousong Zhou wrote:
>> On 9 February 2018 at 08:28, Philip Prindeville
>> wrote:
>>> From: Philip Prindeville
>>>
>>> Allowing password logins leaves you vulnerable to dictionary
>>> attacks. We disable pa
Sent from my iPhone
> On Feb 11, 2018, at 4:11 AM, Torbjorn Jansson
> wrote:
>
>> On 2018-02-11 11:54, Yousong Zhou wrote:
>> On 9 February 2018 at 08:28, Philip Prindeville
>> wrote:
>>> From: Philip Prindeville
>>>
>>> Allowing password logins leaves you vulnerable to dictionary
>>> att
On 02/11/2018 11:54 AM, Yousong Zhou wrote:
On 9 February 2018 at 08:28, Philip Prindeville
wrote:
From: Philip Prindeville
Allowing password logins leaves you vulnerable to dictionary
attacks. We disable password-based authentication, limiting
authentication to keys only which are more se
On 2018-02-11 11:54, Yousong Zhou wrote:
On 9 February 2018 at 08:28, Philip Prindeville
wrote:
From: Philip Prindeville
Allowing password logins leaves you vulnerable to dictionary
attacks. We disable password-based authentication, limiting
authentication to keys only which are more secure.
On 9 February 2018 at 08:28, Philip Prindeville
wrote:
> From: Philip Prindeville
>
> Allowing password logins leaves you vulnerable to dictionary
> attacks. We disable password-based authentication, limiting
> authentication to keys only which are more secure.
>
> Note: You'll need to pre-popul
Paul Oranje wrote:
Your aptness for seeing the possible attack vectors warrants your judgement ...
On 10 Feb 2018, at 17:07, Philip Prindeville
wrote the following:
On Feb 10, 2018, at 3:28 AM, Paul Oranje wrote:
Wouldn't it be appropriate to disallow password authentication on
Philip Prindeville wrote:
On Feb 10, 2018, at 6:03 PM, Michelle Sullivan wrote:
Paul Oranje wrote:
Your aptness for seeing the possible attack vectors warrants your judgement ...
On 10 Feb 2018, at 17:07, Philip Prindeville
wrote the following:
On Feb 10, 2018, at 3:28 AM, P
> On Feb 10, 2018, at 6:03 PM, Michelle Sullivan wrote:
>
> Paul Oranje wrote:
>> Your aptness for seeing the possible attack vectors warrants your judgement
>> ...
>>
>>> On 10 Feb 2018, at 17:07, Philip Prindeville
>>> wrote the following:
>>>
>>>
On Feb 10, 2018, at 3:28
Your aptness for seeing the possible attack vectors warrants your judgement ...
> On 10 Feb 2018, at 17:07, Philip Prindeville
> wrote the following:
>
>
>> On Feb 10, 2018, at 3:28 AM, Paul Oranje wrote:
>>
>> Wouldn't it be appropriate to disallow password authentication on wan o
> On Feb 10, 2018, at 3:28 AM, Paul Oranje wrote:
>
> Wouldn't it be appropriate to disallow password authentication on wan only
> and allow it on all networks "behind" the router?
Not necessarily.
That’s why UPnP is such an issue. A machine inside a firewall gets infected by
a virus through
Wouldn't it be appropriate to disallow password authentication on wan only and
allow it on all networks "behind" the router?
> On 9 Feb 2018, at 01:28, Philip Prindeville
> wrote the following:
>
> From: Philip Prindeville
>
> Allowing password logins leaves you vulnerable to dict
From: Philip Prindeville
Allowing password logins leaves you vulnerable to dictionary
attacks. We disable password-based authentication, limiting
authentication to keys only which are more secure.
Note: You'll need to pre-populate your image with some initial
keys. To do this:
1. Create the ap
36 matches