Re: [Mvpmc-devel] Adding dropbear to MVP?
Status: Alpha
Brought to you by:
gettler
From: <ge...@ac...> - 2006-11-27 16:30:58
|
On Mon, 27 Nov 2006 09:22:42 EST, "Jamin W. Collins" wrote: > MVallevand wrote: > > > > So I guess the debate is starting about the dropbear options. I based > > mine more on the dreambox/tuxbox project so used this > > > > http://cvs.tuxbox.org/cgi-bin/viewcvs.cgi/*checkout*/anoncvs/cvs/tuxbox/cdk >/Patches/dropbear-options.h?content-type=text%2Fplain&rev=1.3.2.1 > > > > these > > > > --with-zlib=.././../dongle/install/mvp/lib --disable-syslog > > --disable-shadow --disable-lastlog > > -disable-utmp --disable-utmpx --disable-wtmp --disable-wtmpx > > From what I can see these would be a good set of options. In fact, > probably better than how I currently have it configured. I disabled > zlib as I wasn't entirely sure where it was within the build structure > and my main goal was getting it included as part of the dongle build. > I'll need to check the --disable-shadow though as I'm currently > disabling telnet login and enabling ssh through a passwd replacement > that indicates root's password is in the shadow file (x in the password > field) and having no shadow file around. > > > and this > > > > make PROGRAMS="dropbear dropbearkey scp" MULTI=1 STATIC=1 > > > > generating a dropbearmult > > Same make options I used to build it. I'll happily make the above > configuration changes. > > -- > Jamin W. Collins Martin and I had some discussions about dropbear, especially from the perspective of running it over an insecure (ie, wireless) network. How would people propose that the private keys be handled? It seems that anything short of storing the keys on the mvp would lead to security problems that could defeat the whole idea of adding dropbear. And at this point, it is unclear whether or not it would be safe for us to store mvpmc data in flash (ie, would the hauppauge code ignore it, overwrite it, or choke?). Any thoughts? Jon |