Dropbear Security

This howto is a (soon to be) detailed tutorial on securing your dropbear SSH daemon for public access.

Problems faced when running a public sshd:

  • No normal group for users and no normal user
  • No facility to ban IPs with many failed login attempts
  • File system permissions are very lax on default OpenWrt
  • Normal users must be prevented from exploiting busybox to gain access to root-only commands.
    (Problem: Linux has no permissions for symlinks.)
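
For the missing ban facility listed above, the detection half can be done by counting failed logins per source address in the syslog output. This is an added example, not part of the original howto or of dropbear; the matched message formats ("Bad password attempt ... from ip:port", "Login attempt for nonexistent user from ip:port") are assumed to match the installed dropbear version, the names `failed_login_ips` and `sample_log` are hypothetical, and the log lines are constructed.

```shell
#!/bin/sh
# Added example: list source IPs with repeated failed dropbear logins.
# Assumption: failures are logged as
#   "Bad password attempt for '<user>' from <ip>:<port>" or
#   "Login attempt for nonexistent user from <ip>:<port>".

# failed_login_ips [THRESHOLD]
# Reads syslog lines on stdin and prints "<count> <ip>" for every
# source address with at least THRESHOLD failures (default 3).
failed_login_ips() {
    awk -v min="${1:-3}" '
        /dropbear/ && (/Bad password attempt/ || /Login attempt for nonexistent user/) {
            src = $NF                 # last field is "<ip>:<port>"
            sub(/:[0-9]+$/, "", src)  # strip the trailing port
            count[src]++
        }
        END {
            for (ip in count)
                if (count[ip] >= min) print count[ip], ip
        }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample log lines (documentation address ranges), not real data.
sample_log() {
    cat <<'EOF'
Jun 18 09:20:01 OpenWrt authpriv.warn dropbear[2101]: Bad password attempt for 'root' from 203.0.113.7:51010
Jun 18 09:20:04 OpenWrt authpriv.warn dropbear[2101]: Bad password attempt for 'root' from 203.0.113.7:51010
Jun 18 09:20:09 OpenWrt authpriv.warn dropbear[2102]: Login attempt for nonexistent user from 203.0.113.7:51012
Jun 18 09:20:15 OpenWrt authpriv.warn dropbear[2103]: Bad password attempt for 'root' from 203.0.113.7:51015
Jun 18 09:21:30 OpenWrt authpriv.warn dropbear[2110]: Bad password attempt for 'admin' from 198.51.100.23:40222
Jun 18 09:21:41 OpenWrt authpriv.warn dropbear[2111]: Login attempt for nonexistent user from 198.51.100.23:40230
Jun 18 09:22:00 OpenWrt authpriv.notice dropbear[2120]: Password auth succeeded for 'root' from 192.0.2.10:40000
EOF
}

# Stand-alone run on the sample; on a router, pipe logread into the function instead.
sample_log | failed_login_ips 3
```

The output is one line per offending address, which can be reviewed by hand or fed to whatever blocking mechanism the router uses.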

Ideas to be tested for security:

  • Put the "ln → /bin/busybox" symlink in a restricted directory to prevent users from creating other busybox symlinks

⇒ Goal: prevent users from accessing certain commands

inbox/howto/dropbear-security.txt · Last modified: 2010/06/18 09:27 (external edit)