On 01/21/2014 12:22 PM, Yang Chengwei wrote:
On Wed, Jan 15, 2014 at 09:38:32AM +0900, Carsten Haitzler wrote:
On Tue, 14 Jan 2014 16:26:57 +0100 José Bollo <[email protected]>
said:
On mar, 2014-01-14 at 20:45 +0900, Carsten Haitzler wrote:
On Tue, 14 Jan 2014 11:19:43 +0200 Jussi Laako <[email protected]>
said:
On 14.1.2014 4:16, Carsten Haitzler wrote:
having a "enable ssh" option on devices (when you enable developer mode)
would be the best of both options. it's not on by default, but it's a
simple click away.
Just "Enable developer mode" in device settings would be fine. But I
wouldn't like to have a car that has ssh wide open to the world with
some default password or key... Nor phone either.
i'm fine with that. a single simple checkbox is fine for me :) and agree -
if enabled as a service, it should require you enter a password at that
tome - no default passwords/accounts. perhaps limit sshd to only listen on
usbnet and any wifi etc. networks you tags as "trusted". :)
The check box should have a time limited effect. That means that you can
forget to uncheck it, it will uncheck itself after a while.
The check box should also be associated to a kind of password. It is not
acceptable that a developer tool can connect to any device just because
to check box is checked. I'm not saying that a password must be set but
that a password can be set if wanted.
i would say a password SHOULD be set at that time - no defaults. and that
password retained so you don't need to keep re-setting it each time (but able
to be changed too from that menu). if there is a timeout, i would say it should
be a timeout between successful logins on sshd. if there has not been a
successful login in let's say 7 days, turn it off. (that would mean developers
using it all the time at least once per week don't get bothered). or hey - make
the timeout configurable... :) let the developer decide how bothersome they are
willing to accept things vs security.
I'm not sure it's worth a discussion or not about ship Tizen with ssh
service, for me, sdb is useful enough for developers, and it's more
security, at least one need connect a usb cable to the device, if one
can archive your device, then it's done.
ssh offers far more:
* authorized access by passoword and/or ssh key (so if someone gets hold
of your device and plugs it in they can't do anything without auth).
* sshfs. need i say more. much more useful than sdb. :)
--
Thanks,
Chengwei
--
Carsten Haitzler (The Rasterman) <[email protected]>
_______________________________________________
Dev mailing list
[email protected]
https://lists.tizen.org/listinfo/dev
_______________________________________________
Dev mailing list
[email protected]
https://lists.tizen.org/listinfo/dev
--
The above message is intended solely for the named addressee and may
contain trade secret, industrial technology or privileged and
confidential information otherwise protected under applicable law
including the Unfair Competition Prevention and Trade Secret Protection
Act. Any unauthorized dissemination, distribution, copying or use of the
information contained in this communication is strictly prohibited. If
you have received this communication in error, please notify the sender
by email and delete this communication immediately.
_______________________________________________
Dev mailing list
[email protected]
https://lists.tizen.org/listinfo/dev
