Current use of certificates is useless

I’m currently working router “backdoor” setup based on Portserver TS1/2 devices.

I’ve encountered a few shortcomings in the security features supported by these devices.

  1. The root account is always able to login to the PortServer - this is probably quite usefull, but i also leaves the root account open to bruteforce attacks. Why not make it possible to associate a public key (for SSH) to the root user aswell ?? This way it would actually be able to control all access to the PortServer with certificates - which at this point makes no sense as the root account is always allowed to login anyway…

  2. Listening TCP ports - the portserver has several ports listening even after disabling the associated services - telnet for instance - even when disabled leaves port TCP21 open.

I really hope you will consider addressing these issues as they would make it possible to use the PortServers directly over the internet without any further security measures.

It sounds as though the Digi PassPort or Digi CM products would better suit your security needs:

I only need 1 or 2 serial connections per site and the security “flaws” I pointed out should be possible to implement / fix on the PortServer TS 1/2 boxes.

I consider this more a bug report than a feature request really :wink:

I recommend pursuing this with your Digi Sales Representative. Posting bugs/change requests on the forum will not be viewed by Engineering/Product Management.