hi, Am Sonntag, den 10.11.2013, 18:12 -0600 schrieb Robert Nelson: > (gmail: forgot to cc the list...) > > > Your image contains SSH private keys, which means that everyone can do > > MITM attacks against connections to machines running your image. It > > also contains the dbus machine identifier and other machine-specific > > things that should not be duplicated between instances. > > I agree, there are a lot of "security" issues with the Demonstration > image, it's purpose is primary for initial board development and > testing and should never be used in the field as is.. ... > > to regenerate the ssh key, I've just not yet enabled it by default.. openssh will automatically generate keys on first boot if there are no existing ones, just make your build scripts remove the keys that are generated at package install time and you should be fine ... ciao oli
Attachment:
signature.asc
Description: This is a digitally signed message part