[Commotion-dev] Ok to commit to master OpenWRT branch default root password?

L. Aaron Kaplan aaron at lo-res.org
Tue Jan 22 00:10:24 UTC 2013


On Jan 21, 2013, at 11:34 PM, Ben West <ben at gowasabi.net> wrote:

> This is why I ask.  What is the preferred method for letting users specify a root password?

Yeah, a hard problem.

Ideally you generate one initially and display it on some LCD once ;-)

The problem that I see with having the password be a well-known default password is that usually people forget to change it. Search engines then find those devices on the internet. And they are sort of p0wned by definition then :)

> 
> OpenWRT by default has no root password set, expecting you to first telnet in to set the password.  This doesn't seem to play nicely with the automated configuration that the meshconfig tool tries to do.  I had thought that compiling a default root password into images did not change the (lack of) security of this arrangement at all, while at least letting meshconfig run to completion.
> 
Well.... I did discover some OpenWRTs in the wild which are default, unconfigured and once you greet them with a telnet login attempt, they will greet you back with a prompt ("#") sign. No password required. Yikes.


Personally I recommend the following:
Step 1: an unconfigured mesh node generates a random password
Step 2: it connects to some central server and fetches its configuration.
Step 3: It reconfigures itself based on the configuration stored in the nodeDB. The user can change the pwd from a nodeDB/dashboard.

(I know this conflicts with the totally distributed approach of Commotion, but that's how we will do it initially with our new nodeDB at Funkfeuer)

That's one way to do it. SSH keys are a different one. X.509 certificates also come to mind.
I am open to better suggestions.

a.
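
Added example, not part of the original message or of Commotion/OpenWRT code: a sketch of Step 1 above, where a node whose root account still has an empty password generates a random one and shows it once. The function names, the /etc/uci-defaults/ hook and the use of BusyBox passwd are assumptions; Steps 2 and 3 depend on the nodeDB and are not shown.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumption: called once at first
# boot, for instance from a script in /etc/uci-defaults/ on OpenWrt.

# gen_password LEN: print LEN random characters read from /dev/urandom.
# tr discards bytes outside the alphabet, so the surviving characters stay
# uniformly distributed. Look-alikes (0/O, 1/l/I) are left out because the
# password is meant to be read once by a human.
gen_password() {
    len="${1:-16}"
    pw=""
    while [ "${#pw}" -lt "$len" ]; do
        pw="$pw$(head -c 64 /dev/urandom | LC_ALL=C tr -dc 'A-HJ-NP-Za-km-z2-9')"
    done
    printf '%s\n' "$pw" | cut -c "1-$len"
}

# root_password_unset SHADOW: succeed only if root's hash field in the
# shadow file SHADOW is empty, the "no password required" state.
root_password_unset() {
    awk -F: '$1 == "root" { found = 1; empty = ($2 == "") }
             END { exit !(found && empty) }' "$1"
}

# set_root_password PW: setter for a real device. Assumption: BusyBox passwd,
# which reads the new password twice from stdin.
set_root_password() {
    printf '%s\n%s\n' "$1" "$1" | passwd root >/dev/null
}

# provision_root SHADOW SETTER: if root has no password, generate one, pass
# it to the SETTER command as its first argument, and print it exactly once.
# Returns 1 and changes nothing when a password is already set.
provision_root() {
    root_password_unset "$1" || return 1
    new_pw="$(gen_password 16)"
    "$2" "$new_pw" || return 2
    printf '%s\n' "$new_pw"
}

# On the node itself (not run here):
#   provision_root /etc/shadow set_root_password
```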



