OpenWrt

This howto is a (soon to be) detailed tutorial about securing your dropbear ssh daemon for public access uses.

Problems facing with a public sshd:

• No normal group for users and no normal user
• No facility to ban IPs with many failed login attempts
• File system permissions are very lax on default OpenWrt
• Preventing normal users from exploiting busybox to gain access to root only commands.
  (Problem linux has no permissions for symlinks.)

Ideas to be tested for security:

• put "ln → /bin/busybox" symlink in restricted directory to prevent users from creating other busybox symlinks

⇒ goal: prevent users from accessing certain commands

Dropbear Homepage
Bruteforce SSH fix