There are default-credentals in the code with the password 'D@rj33l1ng' configured here:
|
:: set SSHD_PASSWORD=D@rj33l1ng |
here:
|
if not defined SSHD_PASSWORD set SSHD_PASSWORD=D@rj33l1ng |
and here:
|
if not defined SSHD_PASSWORD set SSHD_PASSWORD=D@rj33l1ng |
First of all, the README could have a warning in the next update that states this fact and reminds people who are running these boxes to check if they have these default credentials enabled, since this password should be declared 'insecure' now.
The long-term solution might be a configuration variable to set all credentials across spots, where this is needed.
For now, the password could be set to a less surprising value like 'boxcutter' and be clearly documented in the README, so poeple are at least aware of this.
Replacing these and adding a bit to the README is a #goodfirstissue :-)
There are default-credentals in the code with the password 'D@rj33l1ng' configured here:
windows/floppy/_packer_config.cmd
Line 47 in 72c70ff
windows/floppy/_packer_config.cmd
Line 48 in 72c70ff
here:
windows/floppy/cygwin.bat
Line 22 in 72c70ff
and here:
windows/floppy/openssh.bat
Line 8 in 72c70ff
First of all, the README could have a warning in the next update that states this fact and reminds people who are running these boxes to check if they have these default credentials enabled, since this password should be declared 'insecure' now.
The long-term solution might be a configuration variable to set all credentials across spots, where this is needed.
For now, the password could be set to a less surprising value like 'boxcutter' and be clearly documented in the README, so poeple are at least aware of this.
Replacing these and adding a bit to the README is a #goodfirstissue :-)