Opened 9 years ago

Closed 8 years ago

Last modified 4 years ago

#5495 closed enhancement (worksforme)

Disable password SSH logins for root

Reported by: Felix Schwarz <…> Owned by: developers
Priority: low Milestone: Barrier Breaker 14.07
Component: packages Version: Kamikaze 8.09
Keywords: Cc:


Currently dropbear allows password logins even for root. Given the fact that SSH bruteforce attacks are very common (even for ip addresses which are usually assigned to dial-up users) and that most attackers try to compromise the root account, it would be good from a security point of view to disable password logins for root.

dropbear provides the '-g' option to do that. FreeWRT had a nice mechanism to enable that option so bruteforce attacks on the root account will always fail.

It would be nice to have at least some kind of option in /etc/config/dropbear to enable it manually. Even better: Set this option automatically if /etc/dropbear/authorized_keys has some keys.

Attachments (0)

Change History (3)

comment:1 Changed 9 years ago by anonymous

You can enable/disable password authentication in /etc/config/dropbear. That's enough.

comment:2 Changed 8 years ago by nbd

  • Resolution set to worksforme
  • Status changed from new to closed

yes, setting the option PasswordAuth to 0 should be enough

comment:3 Changed 4 years ago by jow

  • Milestone changed from Attitude Adjustment 12.09 to Barrier Breaker 14.07

Milestone Attitude Adjustment 12.09 deleted

Add Comment

Modify Ticket

as closed .
The resolution will be deleted. Next status will be 'reopened'.

E-mail address and user name can be saved in the Preferences.

Note: See TracTickets for help on using tickets.