Dropbear Security

This howto is a (soon to be) detailed tutorial on securing your Dropbear SSH daemon for public access.

Problems faced when running a public sshd:

  • No normal user account and no normal group for users
  • No facility to ban IPs with many failed login attempts
  • File system permissions are very lax on a default OpenWrt install
  • Normal users must be prevented from using busybox to gain access to root-only commands.
    (The problem: Linux has no permissions for symlinks.)

Ideas to be tested for security:

  • Put a “ln → /bin/busybox” symlink in a restricted directory to prevent users from creating other busybox symlinks

⇒ Goal: prevent users from accessing certain commands
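
For the missing ban facility listed among the problems above, the detection half can be done with a few lines of shell. This is an added example, not part of the original howto or of dropbear. The function name `failed_login_ips`, the sample log lines and the assumed message formats ("Bad password attempt for ..." and "Login attempt for nonexistent user from ...", each ending in `ip:port`) are assumptions to check against your own log output. The actual blocking is left to the firewall.

```shell
#!/bin/sh
# Added example: list source IPs with many failed dropbear logins.
# Assumed use on the router: logread | failed_login_ips 5

# Constructed sample log (documentation addresses, not real data).
SAMPLE_LOG="Jan  1 00:00:01 OpenWrt authpriv.warn dropbear[1201]: Bad password attempt for 'root' from 192.0.2.10:40112
Jan  1 00:00:03 OpenWrt authpriv.warn dropbear[1201]: Bad password attempt for 'root' from 192.0.2.10:40112
Jan  1 00:00:09 OpenWrt authpriv.warn dropbear[1207]: Login attempt for nonexistent user from 192.0.2.10:40120
Jan  1 00:00:12 OpenWrt authpriv.warn dropbear[1209]: Bad password attempt for 'root' from 192.0.2.10:40131
Jan  1 00:01:00 OpenWrt authpriv.warn dropbear[1215]: Bad password attempt for 'admin' from 198.51.100.7:51200
Jan  1 00:01:02 OpenWrt authpriv.warn dropbear[1215]: Bad password attempt for 'admin' from 198.51.100.7:51200
Jan  1 00:02:00 OpenWrt authpriv.notice dropbear[1220]: Password auth succeeded for 'root' from 203.0.113.5:50000"

# Reads syslog lines on stdin and prints "<count> <ip>" for every source
# with at least THRESHOLD (default 3) failed attempts, highest count first.
failed_login_ips() {
    threshold="${1:-3}"
    awk -v t="$threshold" '
        /dropbear/ && (/Bad password attempt for/ || /Login attempt for nonexistent user/) {
            src = $NF                      # last field is expected to be ip:port
            if (src !~ /:[0-9]+$/) next    # skip lines that carry no address
            sub(/:[0-9]+$/, "", src)       # drop the port, keep the address
            count[src]++
        }
        END {
            for (ip in count)
                if (count[ip] >= t) print count[ip], ip
        }
    ' | sort -rn
}
```

Successful logins are not counted, so an address that eventually logs in still shows up only through its earlier failures.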

