Closed shmunorbury closed 1 month ago
we actually remove openssh-server in our build scripts for stable production images intentionally
i don't think its a very good idea enabling ssh on a phone that is secured with a 4-8 digit pass code
we do provide openssh and ssh over a usb cable in our devtools package tho
sudo apt install furios-devtools adaptation-hybris-devtools
we actually remove openssh-server in our build scripts for stable production images intentionally i don't think its a very good idea enabling ssh on a phone that is secured with a 4-8 digit pass code we do provide openssh and ssh over a usb cable in our devtools package tho
sudo apt install furios-devtools adaptation-hybris-devtools
Then in my opinion the default setting for sshd config should be:
PasswordAuthentication no
This will still allow secure use of sshd by way of a public key instead of relying on the less-secure numerical passcode used on the GNU user account.
don't think that quite aligns with our views a phone shouldn't have a ssh server preinstalled at all, same way desktop distros do not include it i can make settings hide that settings option if there is no ssh server available. i think thats a better solution
yes, I think hiding the setting makes most sense then. Or a different approach (more work) is to add it as an optional step (installing ssh server) in the furios setup app.
Kind regards,
Samuel Norbury
On Sunday, July 28th, 2024 at 8:55 PM, Bardia Moshiri @.***> wrote:
don't think that quite aligns with our views a phone shouldn't have a ssh server preinstalled at all, same way desktop distros do not include it i can make settings hide that settings option if there is no ssh server available. i think thats a better solution
— Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you authored the thread.Message ID: @.***>
Rather than hiding the option I'd advocate for displaying a message prompting the user to install openssh-server if they want to enable ssh.
I support not including it by default, and by the same token I guess you could say "well the people who want it will know to install it!", but I think that's an attitude that can become dangerous in time.
If enabled via the UI, too, it might be good to include a timeout to stop the SSH server after an amount of time (or after a network change?). It'd suck to walk around with an exploitable SSH server in your pocket.
the patch is already in it is not hidden but items are set to insensitive and cannot be touched if sshd is not installed with a warning saying ssh server is not installed i am not a big fan of letting users install things that have the possibility of compromising their device. in this case, if you really do want ssh server then you probably know what you are doing and can just use apt.
Though there is a nice graphical interface setting to enable secure shell access to the device, the actual openssh-server binary is not installed default.
Current workaround:
sudo apt install openssh-server
in a terminal, then toggle the setting in the Settings app.Current situation
Toggling the secure shell setting in the Settings app is a no-op.
To do
Include openssh-server in the default image on the FLX1, so that the graphical interface setting to enable secure shell access is not a no-op.
Expected Outcome
The secure shell setting should actually work without installing anything via the terminal first.