[Freedombox-discuss] FBX Setup with Debconf Web-Frontend: Difficult

Philip Hands phil at hands.com
Tue Jan 10 15:15:20 UTC 2012


On Tue, 10 Jan 2012 07:45:47 -0600, Nick Daly <nick.m.daly at gmail.com> wrote:
> Hi folks, I've reviewed the debconf web-frontend a little with an eye to
> using it for the initial configuration of an FBX.  My idea was that we
> could use the web-frontend to do initial configuration during the setup
> process, from a remote computer (like a laptop that joined the
> DreamPlug's wireless network).
> 
> I've found that the system could work, but isn't well suited for that
> use case.
> 
> The biggest issue is that the server accepts connections only from the
> localhost and does no authentication at all.  So, there's no way
> (without hacking on it) to use that frontend for remote management.  The
> connection also isn't encrypted in any way (HTTP only, no HTTPS), which
> is bad when you're doing remote management over a wireless network.

I'd guess that the idea is that you get an ssh connection to the box,
and then use port forwarding to pipe your browser connection over the
secure link.

As you _may_ be saying, that's not really beginner's stuff.

As for the rest of what you said, I'm not quite sure how you expect the
newly installed freedom box to establish a connection to a presumably
new user, who's probably not in the PGP strong set, with any real level
of authentication.  If you're in a situation where someone may try a
MITM as you set up the new box, I don't see that there's a lot you can
do, unless the box outputs a fingerprint of its just generated host key
on a trusted display on the FB itself, say.

To avoid that, it seems to me that initial connections need to be via a
short Ethernet or USB link, so the user can see that there's no man in
the middle (well, as long as someone hasn't had chance to doctor all the
cables in a probably very expensive manner).

Perhaps I just missed your point though, in which case, please try again.

Cheers, Phil.
-- 
|)|  Philip Hands [+44 (0)20 8530 9560]    http://www.hands.com/
|-|  HANDS.COM Ltd.                    http://www.uk.debian.org/
|(|  10 Onslow Gardens, South Woodford, London  E18 1NE  ENGLAND
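
The out-of-band check described in the message above, as an added example that is not part of the original post: compute the fingerprint of the host key the network offered and compare it with the one shown on the box's own display. It assumes the display shows the OpenSSH SHA256 fingerprint form; the function names and the sample keys are hypothetical and constructed for illustration.

```python
import base64
import hashlib
import hmac


def host_key_fingerprint(pubkey_line: str) -> str:
    """SHA256 fingerprint of an OpenSSH public key line: '<type> <base64> [comment]'."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64-blob> [comment]'")
    key_type, blob = fields[0], base64.b64decode(fields[1], validate=True)
    # The blob begins with a length-prefixed copy of the key type; a mismatch
    # means the line was damaged or spliced together.
    name_len = int.from_bytes(blob[:4], "big")
    if len(blob) < 4 or blob[4:4 + name_len] != key_type.encode():
        raise ValueError("key type does not match key blob")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def matches_displayed(pubkey_line: str, displayed: str) -> bool:
    """Compare the key the network offered with what the box's own display shows."""
    offered = host_key_fingerprint(pubkey_line)
    return hmac.compare_digest(offered.encode(), displayed.strip().encode())


def sample_key_line(key_bytes: bytes, comment: str) -> str:
    """Build a constructed ssh-ed25519 public key line (not a real host key)."""
    name = b"ssh-ed25519"
    blob = (len(name).to_bytes(4, "big") + name
            + len(key_bytes).to_bytes(4, "big") + key_bytes)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " " + comment


# Constructed sample data: the box's key and a different key from an interposer.
BOX_KEY = sample_key_line(bytes(range(32)), "root@freedombox")
OTHER_KEY = sample_key_line(bytes(range(1, 33)), "root@freedombox")

if __name__ == "__main__":
    shown_on_box = host_key_fingerprint(BOX_KEY)   # what the trusted display shows
    print("display      :", shown_on_box)
    print("direct link  :", matches_displayed(BOX_KEY, shown_on_box))
    print("intercepted  :", matches_displayed(OTHER_KEY, shown_on_box))
```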