[Freedombox-discuss] [Freedom Box] Finding your FB box on the network
Bjarni Rúnar Einarsson
bre at beanstalks-project.net
Thu Oct 14 14:47:13 UTC 2010
On Thu, Oct 14, 2010 at 1:39 PM, Jonas Smedegaard <dr at jones.dk> wrote:
> On Thu, Oct 14, 2010 at 03:01:09PM +0200, bertagaz at ptitcanardnoir.orgwrote:
>
>> On Thu, Oct 14, 2010 at 01:44:14PM +0200, Christian Brædstrup wrote:
>>
>>> > But that'd suppose to have a configured network at boot, which > might
>>> accomplished with the 'ip' option pass to the kernel at boot, > but then
>>> should it be static IP or dhcp?
>>> >
>>>
>>> I think most non-techs use a router with DHCP to access the internet. I
>>> could of course be wrong but in my experience it is the most common
>>> configuration.
>>>
>>
>> Yeah, but how does the user know what IP address his FB had by the DHCP so
>> that he can install it with the web interface? Zeroconf might be the answer,
>> but as I'm talking about using the debian installer, that'd mean put avahi
>> in it, which I'm not sure is feasable nor is a good idea. Like what if a
>> malicious user is on the network you're installing the FB on. If he/she uses
>> zeroconf too, that'd be problematic.
>>
>
> If security is a concern (and it is!), then we need some way of
> establishing a secure connection between the FreedomBox and its user.
>
> Avoiding Zeroconf is security by obscurity: Malicious users of same network
> cannot simply query Zeroconf for FreedomBoxes but can still portscan the
> network.
>
Agreed.
I briefly proposed in an earlier post to implement a special "handshake" in
> the FreedomBox boot process. Such routine could be added to the installer
> too - which means that handshake could be made to not require internet
> access, and thus be possible with a cross-over ethernet cable directly
> between the box and its user.
>
How about something a bit more low-tech? Plugs should ship with passwords
printed on stickers on the bottom, just like wifi routers do.
It just needs to be easy to generate/embed a unique random password each
time the base image is installed. And easy for the user to change it
afterwards. For people installing from some other media, it might make sense
to write a tool which maniuplates the .iso image before it's burnt,
embedding the password that way.
--
Bjarni R. Einarsson
Founder, CEO and janitor of the Beanstalks Project.
http://beanstalks-project.net/ ~ http://bre.klaki.net/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20101014/974a7e5c/attachment.htm>
More information about the Freedombox-discuss
mailing list