[Commotion-dev] Ok to commit to master OpenWRT branch default root password?

Dan Staples danstaples at opentechinstitute.org
Tue Jan 22 03:52:32 UTC 2013 

Right now a most of the new code for DR1 that we've been working on is 
in various repos on the OTI github account: 
https://github.com/opentechinstitute. Everything has yet to be compiled 
into a single source tree, since plenty of it isn't finished yet.

As for the backports, I really have no idea. I know Josh King has been 
working on bringing Commotion-OpenWRT up to Attitude Adjustment, and 
I'm not sure what kernel version that uses. I apologize that our DR1 
efforts haven't been well documented or announced. I think in the 
future, it would be good for us Commotion developers at OTI to be more 
transparent with what we're working on, at least for the reason that 
it's important for everyone to be on the same page...it would be crummy 
for someone to be working on something that is then made obsolete by 
something someone else is working on!

We've been pretty good about tracking our DR1 efforts on the Commotion 
issue tracker. You can check out the DR1-specific stuff here: 
https://code.commotionwireless.net/projects/commotion/issues?set_filter=1&f[]=fixed_version_id&op[fixed_version_id]=%3D&v[fixed_version_id][]=2&f[]=&c[]=tracker&c[]=status&c[]=priority&c[]=subject&c[]=assigned_to&c[]=updated_on&group_by=.

Here are some highlights of what we've been working on for DR1:

* A cross-platform Commotion daemon written in C, to manage all the 
Commotion components and handle configuration
* Quick Start wizard to guide the user through setting up a node on 
first boot
* Application advertisement and discovery (using mDNS/DNSSD) and 
OpenWRT application web portal
* Enhanced security features, such as AuthSAE and a OLSRd-secure plugin 
to sign routing traffic with Serval keys
* A new LuCI theme to match commotionwireless.net
* A Commotion-OpenBTS live distro with Serval integration

Dan

On Mon 21 Jan 2013 09:29:28 PM EST, Ben West wrote:
> This is encouraging to hear.  Is the code base for DR1 RC somewhere on
> the git repo at code.commotionwireless.net
> <http://code.commotionwireless.net> at present, or is that also
> pending release soon too?
>
> At any rate I won't commit anything to the master branch for a default
> root password.
>
> (Also, I hope the back ports for the newer kernel and compat-wireless
> drivers mentioned in the other thread are still of use. Or maybe
> they're now already obsolete ...)
>
> On Monday, January 21, 2013, Dan Staples wrote:
>
>     We actually have an entire quick start wizard in the works now for the
>     Commotion DR1 release candidate, which should be released shortly.
>     This
>     will walk the user through all the steps of configuring a device,
>     including root password, or uploading a configuration file, upon first
>     boot. So I would say setting a default password would probably not be
>     needed in this case.
>
>     Dan
>
>     On Mon 21 Jan 2013 07:10:24 PM EST, L. Aaron Kaplan wrote:
>     >
>     > On Jan 21, 2013, at 11:34 PM, Ben West <ben at gowasabi.net
>     <javascript:;>> wrote:
>     >
>     >> This is why I ask.  What is preferred method for letting users
>     specify a root password?
>     >
>     > Yeah, a hard problem.
>     >
>     > Ideally you generate one initially and display it on some LCD
>     once ;-)
>     >
>     > The problem that I see with having the password a well known
>     default password is that usually people forget to change it.
>     Search engines then find those devices on the internet. And they
>     are sort of p0wned by definition then :)
>     >
>     >>
>     >> OpenWRT by default has no root password set, expecting you
>     first telnet in to set the password.  This doesn't seem to play
>     nicely with the automated configuration that the meshconfig tool
>     tries to do.  I had thought that compiling in a default root
>     password into images did not change the (lack of) security of this
>     arrangement any all, while at least letting meshconfig run to
>     completion.
>     >>
>     > Well.... I did discover some openwrts in the wild which are
>     default, unconfigured and once you greet them with a telnet login
>     attempt, they will greet you back with a prompt ("#") sign. No
>     password required. Yikes.
>     >
>     >
>     > Personally I recommend the following:
>     > Step 1: an unconfigured mesh node generates a random password
>     > Step 2: it connects to some central server and fetches its
>     configuration.
>     > Step 3: It reconfigures itself based on the configuration stored
>     in the nodeDB. The user can change the pwd from a nodeDB/dashboard.
>     >
>     > (I know this conflicts with the totally distributed approach of
>     commotion, but that's how we will do it initially with our new
>     nodeDB at Funkfeuer)
>     >
>     > That's one way to do it. ssh keys are a different one. X509
>     certificates also come to mind.
>     > I am open to better suggestions.
>     >
>     > a.
>     >
>     >
>     > _______________________________________________
>     > Commotion-dev mailing list
>     > Commotion-dev at lists.chambana.net <javascript:;>
>     > https://lists.chambana.net/mailman/listinfo/commotion-dev
>     >
>
>     --
>     Dan Staples
>
>     Open Technology Institute
>     https://commotionwireless.net
>     _______________________________________________
>     Commotion-dev mailing list
>     Commotion-dev at lists.chambana.net <javascript:;>
>     https://lists.chambana.net/mailman/listinfo/commotion-dev
>
>
>
> --
> Ben West
> http://gowasabi.net
> ben at gowasabi.net <mailto:ben at gowasabi.net>
> 314-246-9434
>

--
Dan Staples

Open Technology Institute
https://commotionwireless.net

More information about the Commotion-dev mailing list