View Poll Results: What shell daemon do you use?

Voters: 7
  • Telnetd; it's faster and uses almost no resources

    1 14.29%
  • Dropbear(ssh); security is fundamental

    3 42.86%
  • Both, just in case

    3 42.86%
  • Shell daemon? What is it?

    0 0%

Thread: Replacing telnetd with dropbear

  1. #1
    Join Date
    Sep 2005
    Location
    Madrid
    Posts
    31

    Replacing telnetd with dropbear

    I'm thinking about launching dropbear automatically on boot and removing telnetd.

    I've already patched rc to launch dropbear and adjust input filtering rules, both controlled by the sshd_enabled_x nvram variable.

    My main doubt is how to generate the private keys. One option is to generate the keys on every boot until the flashfs is committed and enabled.

    Another option is to modify dropbear using libnvram to read keys and other configuration parameters. If there aren't keys, we can generate them, write to nvram and commit. This option allows better integration with the webserver.

    What do you think about this idea? Oleg, would you accept the patches in your firmwares?

  2. #2
    Join Date
    Aug 2004
    Location
    Germany
    Posts
    377
    It sure is a nice thing to have ssh more simply enabled/disabled from the web interface, but removing telnetd completely is not so good, I think (my opinion).
    My Stuff: WL-500g, Mapower H31x 10GB HD, Philips Webcam Vesta PRO, TerraTec Webcam PRO, USB Hub

  3. #3
    Join Date
    Dec 2003
    Location
    Russian Federation
    Posts
    8,356
    Quote Originally Posted by unaiur
    What do you think about this idea? Oleg, would you accept the patches in your firmwares?
    The ssh keys are not to be stored in the nvram.
    In fact, enabling ssh is just typing several lines, so I see no reason to change this. You will need to enable flashfs anyway.

  4. #4
    Join Date
    Sep 2005
    Location
    Madrid
    Posts
    31
    What I would like is to make it easier to choose which shell daemons are running.

  5. #5
    Join Date
    Sep 2005
    Location
    Madrid
    Posts
    31
    Attached is a patch against firmware 1.9.2.7-6b that allows disabling telnetd from the "IP Config -> Miscellaneous" administration web page.

    By default, it is enabled.
    Last edited by unaiur; 08-09-2005 at 00:01.

  6. #6
    Join Date
    Sep 2005
    Location
    Berlin, Germany
    Posts
    6
    Quote Originally Posted by unaiur
    Attached is a patch against firmware 1.9.2.7-6b that allows disabling telnetd from the "IP Config -> Miscellaneous" administration web page.

    By default, it is enabled.
    You should somehow make sure that dropbear is up and running before allowing the user to disable telnetd. Maybe telnetd could be used as a fallback if dropbear won't start (i.e. because of missing key files).

  7. #7
    Join Date
    Sep 2005
    Location
    Madrid
    Posts
    31
    With my patch, you can enable and disable telnetd from the web interface, so that check isn't needed.

    Quote Originally Posted by techno
    You should somehow make sure that dropbear is up and running before allowing the user to disable telnetd. Maybe telnetd could be used as a fallback if dropbear won't start (i.e. because of missing key files).
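
The fallback techno suggests in post #6, written as a boot-time shell helper. This is an added example, not the patch attached in this thread; the function names, the key directory and the `telnetd_enabled_x` variable are assumptions.

```shell
# Added example, not the attached patch. Daemon names are variables so the
# logic can be exercised off the router; KEYDIR is an assumed location that
# must be saved to flashfs for the key to survive a reboot.
DROPBEAR=${DROPBEAR:-dropbear}
DROPBEARKEY=${DROPBEARKEY:-dropbearkey}
TELNETD=${TELNETD:-telnetd}
KEYDIR=${KEYDIR:-/usr/local/etc/dropbear}

# Create the RSA host key only when none exists, so clients keep seeing the
# same host key instead of a new one on every boot.
ensure_host_key() {
    key="$KEYDIR/dropbear_rsa_host_key"
    if [ -s "$key" ]; then return 0; fi
    mkdir -p "$KEYDIR" || return 1
    "$DROPBEARKEY" -t rsa -f "$key" >/dev/null 2>&1 || return 1
    chmod 600 "$key"
}

# $1 = ssh setting, $2 = telnet setting (1 = enabled).
# Prints the resulting state, e.g. "ssh=1 telnet=0".
start_shell_daemons() {
    want_ssh=$1; want_telnet=$2; ssh_up=0; telnet_up=0
    # A non-zero exit from key generation or from dropbear counts as
    # "ssh did not start".
    if [ "$want_ssh" = 1 ] && ensure_host_key &&
       "$DROPBEAR" -r "$KEYDIR/dropbear_rsa_host_key"; then
        ssh_up=1
    fi
    # telnetd may stay off only when dropbear is confirmed started;
    # otherwise it runs as the fallback so the box keeps a shell.
    if [ "$want_telnet" = 1 ] || [ "$ssh_up" = 0 ]; then
        if "$TELNETD"; then telnet_up=1; fi
    fi
    echo "ssh=$ssh_up telnet=$telnet_up"
}

# On the router (telnetd_enabled_x is a hypothetical variable name):
#   start_shell_daemons "$(nvram get sshd_enabled_x)" \
#                       "$(nvram get telnetd_enabled_x)"
```

With this logic a "telnetd disabled" setting is honoured only on boots where dropbear actually came up, so a missing or unwritable key directory leaves telnetd running.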
