This howto is a (soon to be) detailed tutorial about securing your dropbear ssh daemon for public access uses.
Problems facing with a public sshd:
- No normal group for users and no normal user
- No facility to ban IPs with many failed login attempts
- File system permissions are very lax on default OpenWrt
- Preventing normal users from exploiting busybox to gain access to root only commands.
(Problem linux has no permissions for symlinks.)
Ideas to be tested for security:
- put "ln → /bin/busybox" symlink in restricted directory to prevent users from creating other busybox symlinks
⇒ goal: prevent users from accessing certain commands
inbox/howto/dropbear-security.txt · Last modified: 2010/06/18 09:27 (external edit)