1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Hiding password when loggin into dropbear

Discussion in 'HD/HDR-FOX T2 Customised Firmware' started by makem, Feb 11, 2012.

  1. makem

    makem Member

    I have changed my password but it occurred to me that this is visible when typed in. I was wondering if it was possible to hide the input without a lot of work for the clever people. In crowded internet cafes it seems as soon as a foreigner walks in everyone wants to know what he/she is doing.
     
  2. Sam Widges

    Sam Widges Active Member

    Don't use keyboard authentication, use key authentication (as per the setup we configured). Even if they see the password, they would have to have the contents of the USB key that you store the key on to get in to your Humax. Never save the private key to any machine that is not yours.
     
  3. makem

    makem Member

    Yes, I know what you mean but I was thinking that is would avoid remembering one more password because using an existing password (used for other purposes) would be revealing that.

    It was just a thought, I appreciate that you could just add a few humax related chars to change the remembered one.

    Did you find time to see if dropbear can be configured to reduce it's consumption of cpu?
     
  4. Black Hole

    Black Hole Felonius Gru

    I don't think I'm revealing too much to say that I remember an algorithm rather than a password - the secret means by which I construct the password given the site or whatever I'm logging into.
     
  5. Sam Widges

    Sam Widges Active Member

    I'm really not sure what you mean there - are you talking about reusing a password that you use elsewhere? The use of keys on SSH overcomes many password problems because it is a 2-factor scheme, i.e. something that you know and something that you have. Even is someone has your password for your key, they still can't get in because your authentication key should be on your USB stick.

    The 'renice' command is installed (at least it is on my machine, so it's in one of the packages, if not by default). Find the process ID of the dropbear process, 'ps -w | grep dropbear' will show you that in the first column. I suggest that you do this for all dropbear IDs, as one will be the server and any others will tally up with each of your SSH connections. For each ID, try 'renice -n 20 <id>' and then try your transfer. You will probably have to start the SFTP session and then SSH in to achieve this, to ensure that you deprioritise the correct process.
     
    makem likes this.
  6. Ezra Pound

    Ezra Pound Well-Known Member

    It's part of Busybox