[OE-core] how to *securely* do a remote install of an OE image?

Robert P. J. Day rpjday at crashcourse.ca
Tue Feb 28 10:28:16 UTC 2017


  here's a puzzler someone just presented me with ... given an
established OE build, and a way to download and install it to a remote
system, how would one set up root and/or non-root accounts and
passwords to then allow an *authorized* someone to log in to the
newly-installed system and configure it?

  as in, if the installed image contains a "root" account and default
password, there is the potential of someone sneaking in there in the
interval between installation and when the "authorized" user connects
to do the configuration, even if the first act of the authorized user
is to change the root password.

  my immediate reaction was to use SSH keys, where the
newly-installed system would require SSH logins, and would have to
match the corresponding private key.

  as an alternative, perhaps don't worry about such a situation, but
when the authorized user logs in for what is *supposed* to be the
first time, it will be flagged that someone else has already logged in
earlier, and a warning will be printed, "Previous login to root
detected, you have been compromised, please re-install!"

  i'm sure there are plenty of ways of doing this, anyone have any
pointers? thanks.

rday

-- 

========================================================================
Robert P. J. Day                                 Ottawa, Ontario, CANADA
                        http://crashcourse.ca

Twitter:                                       http://twitter.com/rpjday
LinkedIn:                               http://ca.linkedin.com/in/rpjday
========================================================================




More information about the Openembedded-core mailing list