From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-wg0-x229.google.com (mail-wg0-x229.google.com [IPv6:2a00:1450:400c:c00::229]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by huchra.bufferbloat.net (Postfix) with ESMTPS id E7E6121F1E9 for ; Wed, 26 Mar 2014 11:16:44 -0700 (PDT) Received: by mail-wg0-f41.google.com with SMTP id n12so1605562wgh.24 for ; Wed, 26 Mar 2014 11:16:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=+5D2IZirYnj5rbgCu+04xUgboyXkZacLKJNgL3pvasA=; b=MQVfy/XlJLT2G0lqC3Z4/WmSY9ySzRR4vCBGhQcsMb9pv9kOaFVGQrHDMzz/j7cWqP DomrHIefS7cyv9rHnBmmtHgKWAhoidM2Q9RxsWgH9VzmWosDEW68Yu4ObF7XYHs7Zjr2 n25w8vsUdySPaBMJaoOJL3dAntrL6utp0ZueBfO6GXYZbVRpZJn+Lk8Nf8zvHHFuGEUd PkL3Mwadi0WyIZVX6hzJ+bfWQvbsKK7svQ6w/i+YGwHhG8+rUeCdUrMI6oqo9pt/mkV3 O+yyG6vQxiTxMGV7k8PR9D0IFnTjK3mpuC2ylV7RUoUWTVqOdVmWLjoUyxIBdIm0KFzm U4vA== MIME-Version: 1.0 X-Received: by 10.180.37.178 with SMTP id z18mr33914430wij.46.1395857385707; Wed, 26 Mar 2014 11:09:45 -0700 (PDT) Received: by 10.216.8.1 with HTTP; Wed, 26 Mar 2014 11:09:45 -0700 (PDT) In-Reply-To: References: Date: Wed, 26 Mar 2014 11:09:45 -0700 Message-ID: From: Dave Taht To: Kai Yang Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Cc: "cerowrt-devel@lists.bufferbloat.net" Subject: Re: [Cerowrt-devel] new wiki pages the differences between an external gateway and internal router X-BeenThere: cerowrt-devel@lists.bufferbloat.net X-Mailman-Version: 2.1.13 Precedence: list List-Id: Development issues regarding the cerowrt test router project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 26 Mar 2014 18:16:45 -0000 They are unused in cerowrt as it uses the xinetd subsystem instead. Yes, the gui should be aware of that but we've not got around to it (and parsing xinetd syntax is hard). The gui does do the right thing when it comes to uploading the ssh key, I think, but the rest is mostly wrong. The long term expectation is that the procd subsystem will gain some xinetd features eventually. In the meantime xinetd provides some extra security (like being easily able to only allow services for certain hosts) and sensors for malicious behavior that are missing elsewhere. On Wed, Mar 26, 2014 at 11:04 AM, Kai Yang wrote: > So what are those options in /etc/config/dropbear for? > > On Wed, Mar 26, 2014 at 1:50 PM, Dave Taht wrote: >> I think you need to modify the /etc/xinetd.d/ssh entry to pass the -s >> option to dropbear and restart xinetd. >> >> Please don't try this unless you are sure your dropbear key is working!! >> >> On Wed, Mar 26, 2014 at 10:44 AM, Kai Yang wrote: >>> On the note of ssh, I have disabled the password login, root password >>> login, and set the interface to se00. Yet, I'm still able to login >>> with root password from wifi. What gives? >>> >>> On Wed, Mar 26, 2014 at 1:16 PM, Dave Taht wrote: >>>> I think I need to summarize what these differences are in a chart on a >>>> separate page, so people get it right. >>>> >>>> http://www.bufferbloat.net/projects/cerowrt/wiki/Setting_up_an_interio= r_gateway_router >>>> >>>> http://www.bufferbloat.net/projects/cerowrt/wiki/Tuning_your_CeroWrt_d= efault_gateway >>>> >>>> But did I miss anything major above? >>>> >>>> And I've seen instructions for bridging and using vlans go by on this = list that >>>> need to move to the wiki, if anyone is up for that. >>>> >>>> -- >>>> Dave T=E4ht >>>> >>>> Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subsc= ribe.html >>>> _______________________________________________ >>>> Cerowrt-devel mailing list >>>> Cerowrt-devel@lists.bufferbloat.net >>>> https://lists.bufferbloat.net/listinfo/cerowrt-devel >> >> >> >> -- >> Dave T=E4ht >> >> Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscri= be.html --=20 Dave T=E4ht Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.= html