Hello,
I just managed to install Debian on my NSA325v2 thanks to the excellent resources found here
and the nas-central.org wiki.
But this thing caught my eye, after booting into Debian for the first time, it looks like sshd keys are used straight
from the Debian-3.18.5-kirkwood-tld-1-rootfs-bodhi.tar.bz2 tarball and not regenerated? This would mean that all the Debian
installs from this image around the world are running with a compromised ssh config and using a public "private key" meaning ssh communications aren't protected at all! Am I missing something?
I just managed to install Debian on my NSA325v2 thanks to the excellent resources found here
and the nas-central.org wiki.
But this thing caught my eye, after booting into Debian for the first time, it looks like sshd keys are used straight
from the Debian-3.18.5-kirkwood-tld-1-rootfs-bodhi.tar.bz2 tarball and not regenerated? This would mean that all the Debian
installs from this image around the world are running with a compromised ssh config and using a public "private key" meaning ssh communications aren't protected at all! Am I missing something?