View the full version: Replacing telnetd with dropbear



unaiur
07-09-2005, 00:19
I'm thinking about launching dropbear automatically on boot and removing telnetd.

I've already patched rc to launch dropbear and adjust input filtering rules, both controlled by sshd_enabled_x nvram variable.

My main doubt is how to generate the private keys. One option is to generate the keys on every boot until the flashfs is committed and enabled.

Another option is to modify dropbear using libnvram to read keys and other configuration parameters. If there aren't keys, we can generate them, write to nvram and commit. This option allows better integration with the webserver.

What do you think about this idea? Oleg, would you accept the patches in your firmwares?

WlanMan
07-09-2005, 13:47
It sure is a nice thing to have ssh more simply enabled/disabled from the web interface, but removing telnetd completely is not so good, I think (my opinion).

Oleg
07-09-2005, 14:28
What do you think about this idea? Oleg, would you accept the patches in your firmwares?
The ssh keys are not to be stored in the nvram.
In fact, enabling ssh is just typing several lines, so I see no reason to change this. You will need to enable flashfs anyway.

unaiur
07-09-2005, 15:46
What I would like is to make it easier to choose which shell daemons are running.

unaiur
07-09-2005, 23:59
Attached is a patch against firmware 1.9.2.7-6b that allows disabling telnetd from the "IP Config -> Miscellaneous" administration web page.

By default, it is enabled.

techno
15-09-2005, 13:11
Attached is a patch against firmware 1.9.2.7-6b that allows disabling telnetd from the "IP Config -> Miscellaneous" administration web page.

By default, it is enabled.
You should somehow make sure that dropbear is up and running before allowing the user to disable telnetd. Maybe telnetd could be used as a fallback if dropbear won't start (i.e. because of missing key files).

unaiur
15-09-2005, 22:45
With my patch, you can enable and disable telnetd from the web interface, so that check isn't needed.


You should somehow make sure that dropbear is up and running before allowing the user to disable telnetd. Maybe telnetd could be used as a fallback if dropbear won't start (i.e. because of missing key files).
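
The fallback discussed in this thread, sketched as an rc fragment. This is an added example, not unaiur's patch or code from the firmware: it keeps the host key on persistent storage rather than in nvram and starts telnetd whenever dropbear is not confirmed running. Assumptions: `telnetd_enabled_x` is a hypothetical variable name (only `sshd_enabled_x` appears in the thread), the `KEYDIR` path is assumed to be flashfs-backed, and busybox `pidof` is assumed to be available.

```shell
#!/bin/sh
# Added example (not the patch from this thread): keep telnetd as a
# fallback unless dropbear is confirmed to be running.
DROPBEAR=${DROPBEAR:-dropbear}
DROPBEARKEY=${DROPBEARKEY:-dropbearkey}
TELNETD=${TELNETD:-telnetd}
KEYDIR=${KEYDIR:-/usr/local/etc/dropbear}   # assumed flashfs-backed path

# sshd_enabled_x is from the thread; telnetd_enabled_x is a hypothetical name.
nv() { nvram get "$1"; }

# Liveness check via busybox pidof (assumed present on the firmware).
is_running() { pidof "$1" >/dev/null 2>&1; }

# Generate the RSA host key once, on persistent storage rather than in nvram.
ensure_host_key() {
    key="$KEYDIR/dropbear_rsa_host_key"
    [ -s "$key" ] && return 0
    mkdir -p "$KEYDIR" || return 1
    rm -f "$key"                      # clear a zero-length leftover, if any
    $DROPBEARKEY -t rsa -f "$key" >/dev/null 2>&1 && [ -s "$key" ]
}

# Succeeds only if dropbear launched and is still alive afterwards.
start_dropbear() {
    ensure_host_key || return 1
    $DROPBEAR -r "$KEYDIR/dropbear_rsa_host_key" || return 1
    is_running dropbear
}

# Prints the daemons that ended up running, e.g. "dropbear" or "telnetd".
start_shell_daemons() {
    running=""
    if [ "$(nv sshd_enabled_x)" = 1 ] && start_dropbear; then
        running="dropbear"
    fi
    # Honour "telnetd disabled" only when ssh access is actually available.
    if [ "$(nv telnetd_enabled_x)" != 0 ] || [ -z "$running" ]; then
        $TELNETD && running="${running:+$running }telnetd"
    fi
    echo "$running"
}

# rc would call: start_shell_daemons
```

With this ordering, a missing or unwritable key directory leaves the router reachable over telnet instead of locking the administrator out.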