what is the best way to protect people from accessing the unit? We have setup a strong password, and have installed a binary file built from linux source. but we have noticed that hard-resetting the device will keep the image we have built including the custom apps. so technically someone may hard-reset the password, login with any password he wants, and then have access to all the logs and binaries.
when you say “hard-resetting”, do you mean
swiflash command and its
-r option for recovery mode?
reset by using the button at the back of the unit.
The simplest way is to disable the pushbutton from factory resetting the device:
It sounds like you’ve created a strong password, but have the same password on every device. If one unit becomes compromised, your whole fleet is at risk.
Using ssh keys would be a safer implementation.
You could also disable password logins by changing the dropbear configuration.
Keep in mind, these changes will make it very difficult to log back in, should you need to.
@cchenry the ideal for us would be to use key pairs for logging in, so I guess this will be preserved even after the hard reset. Have had a look at that but it seems we can’t even get files saved to the rootfs for some reason