RedPitaya network access control

Just about everything about Red Pitaya
Post Reply
larndoc
Posts: 3
Joined: Mon Jan 26, 2015 12:20 pm

RedPitaya network access control

Post by larndoc » Mon Jan 26, 2015 12:38 pm

Hello,

I recently bought the RedPitaya for our electronic lab, as I found it could turn out to be an incredibly useful device for automated test equipment development. So I am not using it in my home network, however, in a big company network with thousands of other users in the same network. Therefore I am (and the network department are) slightly concerned about access control on the RedPitaya.

Do I get it right that:
  • The RedPitaya runs on tiny Linux derivate with one user, being "root" and password "root"
  • If I connect it to the network with DHCP potentially anybody inside this network could SSH into it with this standard username/password?
  • This person could then do whatever he/she wants with it (like, installing different software, just clocking up the network, etc.)
Is there an easy way to change the root password (like just executing "passwd" in the shell)? This might cure most of the security concerns.

I could set it up with the wireless dongle and choose the WPA2 password to access it, which would somehow make it a bit more "secure", still, eventually I want the RedPitaya to connect to the internet within the company network.

Are there any better suggestions, experience? Or am I overly concerned...?

Nils Roos
Posts: 1441
Joined: Sat Jun 07, 2014 12:49 pm
Location: Königswinter

Re: RedPitaya network access control

Post by Nils Roos » Tue Jan 27, 2015 1:12 am

Hi,
larndoc wrote:Do I get it right that: ...
Correct on all counts, although there are other user accounts besides root (none of which have login permissions).
larndoc wrote:Is there an easy way to change the root password (like just executing "passwd" in the shell)?
You can change the root pw with "passwd" but it will only last until the next reboot, because the password-hash store (/etc/shadow) is restored from the ramdisk image.

The only persistent way to change the root password is to change the file inside the ramdisk image. I know of no easy way to do that, but that does not mean there isn't one ;O)

A not-easy way would be to set a different password in OS/buildroot/config , line 191 and rebuild the ecosystem.

Code: Select all

BR2_TARGET_GENERIC_ROOT_PASSWD="root"
There are a couple of other things that could be done to increase security, eg. disabling remote login for root, setting up restricted accounts for remote login, etc. As with the generic root password, doing that would involve changes to the buildroot setup.

User avatar
piccolo
Posts: 8
Joined: Fri Feb 06, 2015 8:51 am
Location: USA

Re: RedPitaya network access control

Post by piccolo » Fri Feb 06, 2015 9:29 pm

Won't files added to the buildroot/overlay directory be included in the ramfs image? If so, another option is to add a /root/.ssh/authorized_keys2 file with an SSH public key you've generated; any user without the corresponding key couldn't get into it.

Post Reply
jadalnie klasyczne ekskluzywne meble wypoczynkowe do salonu ekskluzywne meble tapicerowane ekskluzywne meble do sypialni ekskluzywne meble włoskie

Who is online

Users browsing this forum: Google [Bot] and 30 guests