Current use of certificates is useless

I’m currently working on a router “backdoor” setup based on PortServer TS1/2 devices.

I’ve encountered a few shortcomings in the security features supported by these devices.

  1. The root account is always able to log in to the PortServer - this is probably quite useful, but it also leaves the root account open to brute-force attacks. Why not make it possible to associate a public key (for SSH) with the root user as well? This way it would actually be possible to control all access to the PortServer with certificates - which at this point makes no sense as the root account is always allowed to log in anyway…

  2. Listening TCP ports - the PortServer has several ports listening even after disabling the associated services - telnet, for instance, even when disabled leaves port TCP21 open.

I really hope you will consider addressing these issues as they would make it possible to use the PortServers directly over the internet without any further security measures.

It sounds as though the Digi PassPort or Digi CM products would better suit your security needs:

http://www.digi.com/products/consoleservers/

I only need 1 or 2 serial connections per site and the security “flaws” I pointed out should be possible to implement / fix on the PortServer TS 1/2 boxes.

I consider this more a bug report than a feature request really :wink:

I recommend pursuing this with your Digi Sales Representative. Bugs/change requests posted on the forum will not be viewed by Engineering/Product Management.