[Commotion-dev] Ok to commit to master OpenWRT branch default root password?

Ben West ben at gowasabi.net
Tue Jan 22 02:29:28 UTC 2013


This is encouraging to hear.  Is the code base for DR1 RC somewhere on the
git repo at code.commotionwireless.net at present, or is that also pending
release soon too?

At any rate I won't commit anything to the master branch for a default root
password.

(Also, I hope the back ports for the newer kernel and compat-wireless
drivers mentioned in the other thread are still of use. Or maybe they're
now already obsolete ...)

On Monday, January 21, 2013, Dan Staples wrote:

> We actually have an entire quick start wizard in the works now for the
> Commotion DR1 release candidate, which should be released shortly. This
> will walk the user through all the steps of configuring a device,
> including root password, or uploading a configuration file, upon first
> boot. So I would say setting a default password would probably not be
> needed in this case.
>
> Dan
>
> On Mon 21 Jan 2013 07:10:24 PM EST, L. Aaron Kaplan wrote:
> >
> > On Jan 21, 2013, at 11:34 PM, Ben West <ben at gowasabi.net> wrote:
> >
> >> This is why I ask.  What is the preferred method for letting users specify a root password?
> >
> > Yeah, a hard problem.
> >
> > Ideally you generate one initially and display it on some LCD once ;-)
> >
> > The problem that I see with having the password a well known default
> password is that usually people forget to change it. Search engines then
> find those devices on the internet. And they are sort of p0wned by
> definition then :)
> >
> >>
> >> OpenWRT by default has no root password set, expecting you first telnet in to set the password.  This doesn't seem to play nicely with the automated configuration that the meshconfig tool tries to do.  I had thought that compiling in a default root password into images did not change the (lack of) security of this arrangement at all, while at least letting meshconfig run to completion.
> >>
> > Well.... I did discover some openwrts in the wild which are default,
> unconfigured and once you greet them with a telnet login attempt, they will
> greet you back with a prompt ("#") sign. No password required. Yikes.
> >
> >
> > Personally I recommend the following:
> > Step 1: an unconfigured mesh node generates a random password
> > Step 2: it connects to some central server and fetches its configuration.
> > Step 3: It reconfigures itself based on the configuration stored in the
> nodeDB. The user can change the pwd from a nodeDB/dashboard.
> >
> > (I know this conflicts with the totally distributed approach of
> commotion, but that's how we will do it initially with our new nodeDB at
> Funkfeuer)
> >
> > That's one way to do it. ssh keys are a different one. X509 certificates
> also come to mind.
> > I am open to better suggestions.
> >
> > a.
> >
> >
> > _______________________________________________
> > Commotion-dev mailing list
> > Commotion-dev at lists.chambana.net
> > https://lists.chambana.net/mailman/listinfo/commotion-dev
> >
>
> --
> Dan Staples
>
> Open Technology Institute
> https://commotionwireless.net

-- 
Ben West
http://gowasabi.net
ben at gowasabi.net
314-246-9434
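
Step 1 of the procedure quoted above (an unconfigured node generates a random password), combined with a check for the empty-root-password state the thread describes, as an added example that is not part of any message here nor Commotion or OpenWrt code. Function names and the sample shadow lines are constructed for illustration; the script only reads the file path it is given.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not Commotion/OpenWrt code.

# Classify an account's password field in a shadow-format file:
#   empty   -> login succeeds with no password at all (the "#" prompt case)
#   locked  -> field starts with ! or * (no password login possible)
#   set     -> a password hash is present
#   missing -> no such account in the file
account_state() {  # $1 = shadow file, $2 = account name
    awk -F: -v u="$2" '
        $1 == u {
            seen = 1
            if ($2 == "") s = "empty"
            else if ($2 ~ /^[!*]/) s = "locked"
            else s = "set"
        }
        END { print (seen ? s : "missing") }' "$1"
}

# Print $1 random bytes (default 16, i.e. 128 bits) as lowercase hex.
gen_password() {
    od -An -N "${1:-16}" -tx1 /dev/urandom | tr -d ' \n'
}

# First-boot step: emit a fresh random password only while root is still
# unconfigured. Returns 1 and prints nothing when a password is already set
# or root is locked, so a reboot never overwrites the operator's choice.
first_boot_password() {  # $1 = shadow file
    [ "$(account_state "$1" root)" = "empty" ] || return 1
    gen_password 16
}

# Constructed sample: a shadow file whose root entry has an empty password.
write_sample_shadow() {  # $1 = output path
    printf '%s\n' 'root::0:0:99999:7:::' 'daemon:*:0:0:99999:7:::' > "$1"
}

# Stand-alone demo against the constructed sample (never touches /etc/shadow).
demo() {
    f="$(mktemp)"; write_sample_shadow "$f"
    echo "root is: $(account_state "$f" root)"
    pw="$(first_boot_password "$f")" && echo "show once to operator: $pw"
    rm -f "$f"
}
# On a device the caller would hand the value to the system's password tool
# (assumption: it accepts the new password on stdin); that is not run here.
demo
```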