Change Dropbear port to 2222

[dareal68]

By using port 2222 we are able to connect to localhost with App Store SSH client app like Blink Shell or Prompt 2

[mologie]

This would introduce a security issue and should not be made the standard configuration. Apps could gain root privileges through your change if the user did not change the root password.

[nullpixel]

if the user did not change the root password

Apps could do this anyway if you never changed the root pass. You could do many things like that, so your argument is invalid

[dareal68]

Who does not change a password that he did not choose himself.
We talk about a security issue on a platform compromised by the jailbreak itself.
I take the risk, am I crazy? Let me know.
Thanks

[mologie]

Apps could do this anyway if you never changed the root pass. You could do many things like that, so your argument is invalid

@nullpixel1, In that case, please explain to me how an app is going to become root if they cannot access the locally running SSH server thanks to the sandbox and cannot exploit the kernel thanks to yalu102's patching the bug it exploits.

Who does not change a password that he did not choose himself.
We talk about a security issue on a platform compromised by the jailbreak itself.

@dareal68, Most people who install this jailbreak do not even know what a root account is. Thus, neither will most people change their root password. The jailbreak does reduce security, but does not install open backdoors.

[dareal68]

@mologie If I understand correctly, the best solution for me would be to unsandbox my SSH client app.
In this way, only this application will have access to the SSH server on port 22.

Do you think it's a better solution to the change I made?

[mologie]

@dareal68, your change is fine and in fact the easiest solution for your phone. By all means, use it on yours - there's hardly a better solution around the sandbox restriction.

However, I do not think that your solution should be installed on all phones which install Yalu, because even though you did change your root/mobile passwords (you did, right?), most people will not. That is the only reason why I disagree with your request to have this pulled into the main code base. Technically, what you did is just fine. The issue here is your average users.

[x86shell]

If you want to change the port you can but its better off leaving it on p22

[ann0see]

I would include a (defaulted to off) switch to Yalu 102 that tells yalu to set the configuration either to port 22 or yours. (I'd add an "options" menu somewhere)... And if somebody switches the Button to on the value of the button should be saved let's say in /.yalussh and should be read by Yalu after a reboot.
If you decide to set the port to 2222 there should be a warning.