@eschwartz: With OpenSSH, or with SSH-over-WiFi enabled, yes. With the default config (dropbear, no wifi-firewall-hole-punching), nope, the door's wide open.
EDIT: On the other hand, I have a sinking feeling about the whole locked account thing + dropbear, now that you mention it. Let me double check.
EDIT²: Nope, I'm not dreaming, all's good.
Code:
ssh -o PubkeyAuthentication=no root@kindle
Welcome to Kindle!
root@kindle's password:
#################################################
# N O T I C E * N O T I C E * N O T I C E #
#################################################
Rootfs is mounted read-only. Invoke mntroot rw to
switch back to a writable rootfs.
#################################################
[root@kindle root]# showlog -f
[!]141202:011858 dropbear[7725]: Child connection from 192.168.2.1:33970
[!]141202:011858 dropbear[7725]: Pubkey auth succeeded for 'root' with key md5 00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff from 192.168.2.1:33970
[!]141202:011900 dropbear[7725]: Exit (root): Disconnect received
[!]141202:011907 dropbear[7729]: Child connection from 192.168.2.1:33971
[!]141202:011907 dropbear[7729]: Bad password attempt for 'root' from 192.168.2.1:33971 (But we're letting you in because we're a nice Kindle ;))
(Don't mind me using the IP setup of legacy devices on a PW2, that's just to prevent me from going bonkers from device-dependent settings. Everything being the same == saner for me, even if it doesn't match diags, since I barely ever use diags, while I very damn often switch between a wide range of Kindles).
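
One way to pick such logins out of showlog output, as an added example that is not part of the original post or of the project's code: it assumes the log line shape shown in the session above and treats the parenthetical suffix on the "Bad password attempt" line as the marker of a session admitted without a valid password. The function names are hypothetical.

```python
import re

# Constructed sample: the dropbear lines from the showlog output quoted above.
SAMPLE_LOG = """\
[!]141202:011858 dropbear[7725]: Child connection from 192.168.2.1:33970
[!]141202:011858 dropbear[7725]: Pubkey auth succeeded for 'root' with key md5 00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff from 192.168.2.1:33970
[!]141202:011900 dropbear[7725]: Exit (root): Disconnect received
[!]141202:011907 dropbear[7729]: Child connection from 192.168.2.1:33971
[!]141202:011907 dropbear[7729]: Bad password attempt for 'root' from 192.168.2.1:33971 (But we're letting you in because we're a nice Kindle ;))
"""

# Line shape assumed from the sample: "[<level>]<timestamp> dropbear[<pid>]: <message>"
LINE = re.compile(r"^\[.\](?P<ts>\S+) dropbear\[(?P<pid>\d+)\]: (?P<msg>.*)$")
CONNECT = re.compile(r"^Child connection from (?P<peer>\S+)$")
PUBKEY = re.compile(r"^Pubkey auth succeeded for '(?P<user>[^']*)'")
BAD_PW = re.compile(r"^Bad password attempt for '(?P<user>[^']*)' from \S+(?P<tail>.*)$")
ADMITTED_MARK = "letting you in"  # suffix seen on the Kindle build in the post


def classify_sessions(log_text):
    """Group dropbear lines per connection and record how each one authenticated."""
    sessions, current = [], {}  # current: pid -> open session (PIDs can be reused)
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue  # not a dropbear line
        pid, msg = line["pid"], line["msg"]
        conn = CONNECT.match(msg)
        if conn or pid not in current:
            current[pid] = {"pid": pid, "start": line["ts"], "user": None,
                            "peer": conn["peer"] if conn else None, "auth": "none"}
            sessions.append(current[pid])
        sess = current[pid]
        if (m := PUBKEY.match(msg)):
            sess["user"], sess["auth"] = m["user"], "pubkey"
        elif (m := BAD_PW.match(msg)):
            sess["user"] = m["user"]
            # A failed password that is still admitted is the case worth alerting on.
            sess["auth"] = ("password-not-verified" if ADMITTED_MARK in m["tail"]
                            else "password-rejected")
    return sessions


def admitted_without_valid_password(log_text):
    """Sessions that got in although the password check failed."""
    return [s for s in classify_sessions(log_text) if s["auth"] == "password-not-verified"]


if __name__ == "__main__":
    for s in admitted_without_valid_password(SAMPLE_LOG):
        print(f"{s['start']} pid={s['pid']} user={s['user']} peer={s['peer']}: any-password login")
```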