Telnetd; it's faster and uses almost no resources
Dropbear(ssh); security is fundamental
Both, just in case
Shell daemon? What is it?
I'm thinking about launching dropbear automatically on boot and removing telnetd.
I've already patched rc to launch dropbear and adjust input filtering rules, both controlled by the sshd_enabled_x nvram variable.
My main doubt is how to generate the private keys. One option is to generate the keys on every boot until the flashfs is committed and enabled.
Another option is to modify dropbear using libnvram to read keys and other configuration parameters. If there aren't keys, we can generate them, write to nvram and commit. This option allows better integration with the webserver.
What do you think about this idea? Oleg, would you accept the patches in your firmwares?
It sure is a nice thing to have ssh more simply enabled/disabled from the web interface, but removing telnetd completely is not so good, I think (my opinion).
My Stuff: WL-500g, Mapower H31x 10GB HD, Philips Webcam Vesta PRO, TerraTec Webcam PRO, USB Hub
The ssh keys are not to be stored in the nvram.
Originally Posted by unaiur
In fact, enabling ssh is just typing several lines, so I see no reason to change this. You will need to enable flashfs anyway.
What I would like is to make it easier to choose which shell daemons are running.
Attached is a patch against firmware 1.9.2.7-6b that allows disabling telnetd from the "IP Config -> Miscellaneous" administration web page.
By default, it is enabled.
Last edited by unaiur; 08-09-2005 at 00:01.
You should somehow make sure that dropbear is up and running before allowing the user to disable telnetd. Maybe telnetd could be used as a fallback if dropbear won't start (i.e. because of missing key files).
Originally Posted by unaiur
With my patch, you can enable and disable telnetd from the web interface, so that check isn't needed.
Originally Posted by techno
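
The fallback discussed above (keep telnetd available when dropbear does not come up, for example because key files are missing), sketched as an added example that is not part of the thread, the attached patch or the firmware. `sshd_enabled_x` is the variable named in the thread; `telnetd_enabled_x`, the key and pid file paths and the `*_CMD` override variables are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not taken from the thread's patch or the firmware.
# From the thread: the sshd_enabled_x nvram variable, dropbear, telnetd.
# Assumed: telnetd_enabled_x, KEY_FILE, PID_FILE, and the *_CMD override hooks.
KEY_FILE="${KEY_FILE:-/usr/local/etc/dropbear/dropbear_rsa_host_key}"
PID_FILE="${PID_FILE:-/var/run/dropbear.pid}"
START_WAIT="${START_WAIT:-1}"            # seconds to wait before the liveness check
NVRAM_CMD="${NVRAM_CMD:-nvram}"
DROPBEARKEY_CMD="${DROPBEARKEY_CMD:-dropbearkey}"
DROPBEAR_CMD="${DROPBEAR_CMD:-dropbear}"
TELNETD_CMD="${TELNETD_CMD:-telnetd}"

# Create the RSA host key only if it is missing; fail if it still is afterwards.
ensure_host_key() {
    [ -s "$KEY_FILE" ] && return 0
    mkdir -p "$(dirname "$KEY_FILE")" || return 1
    "$DROPBEARKEY_CMD" -t rsa -f "$KEY_FILE" >/dev/null 2>&1 || return 1
    [ -s "$KEY_FILE" ] || return 1
    chmod 600 "$KEY_FILE"
}

# Start dropbear and confirm a live process, not just a zero exit status.
start_dropbear() {
    ensure_host_key || return 1
    rm -f "$PID_FILE"                    # ignore a stale pid file
    "$DROPBEAR_CMD" -r "$KEY_FILE" || return 1
    sleep "$START_WAIT"
    pid=$(cat "$PID_FILE" 2>/dev/null) || return 1
    [ -n "$pid" ] && kill -0 "$pid" 2>/dev/null
}

# Prints the daemons that were started, e.g. "ssh", "telnet" or "ssh telnet".
start_shell_daemons() {
    started=""
    want_telnet=$("$NVRAM_CMD" get telnetd_enabled_x)
    if [ "$("$NVRAM_CMD" get sshd_enabled_x)" = "1" ]; then
        if start_dropbear; then
            started="ssh"
        else
            want_telnet=1                # ssh requested but not up: fall back
        fi
    fi
    if [ "$want_telnet" = "1" ] && "$TELNETD_CMD"; then
        started="${started:+$started }telnet"
    fi
    echo "$started"
}
```

Calling `start_shell_daemons` from the boot script leaves telnetd off only when dropbear is verifiably running, so a missing or unreadable host key does not lock the administrator out of the shell.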