Ticket #1853 (closed enhancement: fixed)
Enhancement: improve dropbear security by listening only on usb0 by default
|Reported by:||RuiSeabra||Owned by:||julian_chu|
|Severity:||blocker||Keywords:||dropbear security haspatch HasPatch|
|Blocking:||Estimated Completion (week):|
Letting ssh listen on 0.0.0.0:22 may be hazardous if you connect to wifi links, and seldom will you need to access dropbear from wifi unless you know what you're doing.
If you know what you're doing, you can easily change dropbear to go back to an insecure default.
A clever usage of awk in the init script will dynamically fetch usb0's address thus reducing the risk of the default.
- Owner changed from openmoko-kernel to julian_chu
- Component changed from System Software to Distro