Re: [gpsd-dev] HOWTO: Security

[Kurt Roeckx]

On Tue, May 24, 2016 at 02:38:23PM -0700, Gary E. Miller wrote:
> Yo Eric!
> 
> On Tue, 24 May 2016 17:33:06 -0400
> "Eric S. Raymond" <address@hidden> wrote:
> 
> > Hal Murray <address@hidden>:
> > > 
> > > address@hidden said:  
> > > > See my reply to Gary and your text about NATs and firewalls.
> > > > Nobody has convinced me that this procedure *isn't* taking
> > > > security seriously, nor will they until I understand how any
> > > > machine other than the one I port-forward to is visible to
> > > > outsiders.   
> > > 
> > > Your mention of port-forward assumes you are behind a NAT box.
> > > That's not true in all setups.  
> > 
> > Would it suffice to say "Never put a Pi on an un-NATted address until
> > you have removed the default account?"
> 
> Most people's NATs leak a lot.  Or they have IPv6 end around.
> 
> Just change the password, to a good one, the FIRST step.

Can I just suggest that you don't allow password based logins over
the network?


Kurt