What is the best way to protect people from accessing the unit? We have set up a strong password, and have installed a binary file built from Linux source. But we have noticed that hard-resetting the device will keep the image we have built, including the custom apps. So technically someone may hard-reset the password, log in with any password he wants, and then have access to all the logs and binaries.
When you say “hard-resetting”, do you mean swiflash command and its -r option for recovery mode?
Reset by using the button at the back of the unit.
Hi @claudio.baldini,
The simplest way is to disable the pushbutton from factory resetting the device:
    AT!FWD=FACTORYRECOVERY,DISABLE
It sounds like you’ve created a strong password, but have the same password on every device. If one unit becomes compromised, your whole fleet is at risk.
Using ssh keys would be a safer implementation.
You could also disable password logins by changing the dropbear configuration.
Keep in mind, these changes will make it very difficult to log back in, should you need to.
BR,
Chris
@cchenry the ideal for us would be to use key pairs for logging in, so I guess this will be preserved even after the hard reset. Have had a look at that but it seems we can’t even get files saved to the rootfs for some reason.
@cchenry we have tried this a few times but something is not working all right. Ideally we are happy with keeping a password, but the major problem at the moment is that anybody can RESET the device and then recover important information from the unit after he puts in a new password.
We have modified the factory_default_recovery.sh script to remove the legato framework, but I believe that if we have the apps built into the image, this will have no effect as it will re-instate the original image anyway?
In this script and the function “check_and_recovery_default()”, right after the line:
    /bin/rm -fR ${UFS_ROOT}/etc ${UFS_ROOT}/data
we have added
    /bin/rm -fR /legato/*
but every time we use the RESET button and then log in again, it will show that all the apps we have built into the image are still present.
Hi @claudio.baldini,
Deleting legato is not a good idea. I’m not clear why you want your apps removed; your FX30 won’t do much without them.
In order to add your own ssh keys, you’ll need to create your own init script that will copy your public key into the .ssh folder. Something like this:
    # copy authorized_keys
    if [ ! -d /home/root/.ssh ]; then
        mkdir -p /home/root/.ssh
    fi
    if [ ! -e /home/root/.ssh/authorized_keys ]; then
        cp /etc/dropbear/authorized_keys /home/root/.ssh/
    fi
Add your script to your recipe. For example, if you use the columbia-initscripts.bbappend:
    SRC_URI += "file://SierraWireless-Proprietary \
                file://myscript.sh \
               "
    do_install_append() {
        install -m 0755 ${WORKDIR}/myscript.sh -D ${D}${sysconfdir}/init.d/myscript.sh
        [ -n "${D}" ] && OPT="-r ${D}" || OPT="-s"
        update-rc.d $OPT -f myscript.sh remove
        update-rc.d $OPT myscript.sh start 60 S . stop 60 S .
    }
Modify the dropbear recipe to add your public key and disable password logins:
    SRC_URI += " \
        file://authorized_keys \
        file://dropbear_default \
        "
    do_install_append() {
        install -m 0755 ${WORKDIR}/authorized_keys -D ${D}/${sysconfdir}/dropbear/authorized_keys
        install -m 0755 ${WORKDIR}/dropbear_default -D ${D}${sysconfdir}/default/dropbear
    }
Your dropbear default settings need to look like this:
    recipes/dropbear/files$ cat dropbear_default
    DROPBEAR_EXTRA_ARGS="-B -s -g"
Your recipes/dropbear/files$ folder also needs to contain your authorized_keys public key file.
Be aware you will not be able to log in using passwords any longer. You must have your private key in order to log in!
Hope this helps.
BR,
Chris
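A pre-flash check for the configuration described in the post above, as an added example that is not part of the original thread or of Sierra Wireless code: it audits a rootfs staging tree for the `-s` flag and a sane `authorized_keys`. The function names and the sample key are constructed for illustration, and the rootfs location is an assumption about your build.

```shell
#!/bin/sh
# Added example: audit a rootfs staging tree for the dropbear hardening above.
# File locations follow the recipes in this thread; the rootfs path is yours.

# True if DROPBEAR_EXTRA_ARGS holds the flag as its own token (as on this page).
has_dropbear_flag() {   # $1 = rootfs dir, $2 = flag, e.g. -s
    conf="$1/etc/default/dropbear"
    [ -f "$conf" ] || return 1
    args=$(sed -n 's/^DROPBEAR_EXTRA_ARGS="\(.*\)".*$/\1/p' "$conf" | tail -n 1)
    for a in $args; do
        [ "$a" = "$2" ] && return 0
    done
    return 1
}

# True if the file has at least one entry, every entry is a public-key line
# (so a private key pasted in by mistake fails), and it is not writable by
# group or others.
keys_ok() {             # $1 = path to authorized_keys
    [ -s "$1" ] || return 1
    lines=$(grep -c -v -e '^[[:space:]]*$' -e '^#' "$1" || true)
    good=$(grep -c -E '^([^# ]+ )?(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp[0-9]+) ' "$1" || true)
    [ "$lines" -gt 0 ] && [ "$lines" -eq "$good" ] || return 1
    case $(ls -ld "$1" | cut -c1-10) in
        ?????w*|????????w*) return 1 ;;   # group- or world-writable
    esac
    return 0
}

# Prints one line per finding; returns the number of failed checks.
audit_rootfs() {        # $1 = rootfs dir
    fails=0
    has_dropbear_flag "$1" -s ||
        { echo "FAIL: password logins still enabled (no -s)"; fails=$((fails + 1)); }
    keys_ok "$1/etc/dropbear/authorized_keys" ||
        { echo "FAIL: authorized_keys missing, malformed or writable"; fails=$((fails + 1)); }
    return "$fails"
}

# Constructed sample tree (the key is not real), to try the audit without a build.
make_sample_rootfs() {  # $1 = target dir, $2 = DROPBEAR_EXTRA_ARGS value
    mkdir -p "$1/etc/default" "$1/etc/dropbear"
    printf 'DROPBEAR_EXTRA_ARGS="%s"\n' "$2" > "$1/etc/default/dropbear"
    echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEYNOTREAL user@example" \
        > "$1/etc/dropbear/authorized_keys"
    chmod 644 "$1/etc/dropbear/authorized_keys"
}
```

Run `audit_rootfs <rootfs-dir>` against the image tree before flashing; a non-zero return means the image would still accept a password set after a button reset, or ships a key file dropbear may not accept.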
@cchenry the only problem we have at this point is that after hard resetting the FX30 with the reset button, everything will go back to factory default and anybody can reset the password and log into the unit.
At this point they have access to everything, including the certificates or secrets we are using.
One way is of course to disable the RESET button, which doesn’t seem very elegant; the only alternative I see is to add the custom ssh keys so even after reboot nobody will be able to access the device without them.
The only alternative was to delete all our apps and files; we don’t care if someone logs in, but only if they have access to our (or our customers’) files.
I believe this is something the swi team should look at closely…
To remove your apps cleanly, use the command:
“legato app remove MyApp”
BR,
Chris
Cheers @cchenry, the configuration you have sent above did the trick. At least now nobody can log in to the device even after the RESET button has been used. Very much appreciated.