Security :: Able To Locally Login As Root With ANY Password ?

Jan 20, 2010

Found a major security hole in one of my more crucial linux servers today. (Only locally) I can use the user name "root" and any string for the password. So I can literally type "poop" as the password and the server lets me in. I know how to set root password settings for SSH and sudo, but where are settings located for local access that would allow something like this?

View 14 Replies


ADVERTISEMENT

Fedora Security :: Root Login Via Ssh 12 Password Authentication?

Jan 27, 2010

Can't seem to do it, wondering if anyone knows how? Normally there's something in sshd_config that can be switched to true or yes to allow root login but I can't see it in fedora 12.I can login via root at a terminal no problem, just not via ssh, I get access denied every time. Also, I need to login using password authentication.I've done: 227169 but that's just for GUI which I don't really need since I rarely ever log into the GUI.I have also searched through here and mostly only found info such as above, how to enable root login for GUI, or billions of posts about how logingin as root is bad but I cannotswer to my question.DISCLAIMER: Please do not reply to this thread if all you can contribute is the question of why I need root or to put some message telling me I can do everything using su, etc, etc. Please only contribute if you can answer my question. A: My machine and a valid quesiton. B: Spirit of Linux is open, not restrictive

View 3 Replies View Related

General :: Mail Server : Reset The Password For It Using The Password Command From The Root Login?

Jul 23, 2009

I am an absolute Linux Beginner who is being required to do a bit of admin work because the boss just fired the old linux admin. Unfortunately, one of our employees cannot remember her password to her email account and as such I need to reset it on our linux server.What I want to check is that this email account is actually a linux user account and I simply will reset the password for it using the passwd command from the root login. Is that correct?

View 1 Replies View Related

Ubuntu Security :: Change Keyring Password To Match Login Password

Jun 14, 2011

everytime i try to vnc to my box, it pops up the keyring authentication, which is obviously a huge problem when logging in remotely.how do i change my keyring password to match my login password?

View 4 Replies View Related

Debian :: Root Login Without Setting Root Password

May 14, 2015

I edited fstab to automatically mount my windows data partition on boot, but I screwed it up by not specifying the file system type, however that is not the problem, I was able to fix that easily. The problem was that when it failed to mount the partition, Debian automatically entered root and I guess that is to be expected in order for me to fix it, but I never configured a root password and it just gave me full root access without asking any password, not even my user password. I though that was strange so I set the root password and sure thing it asked me for the root password this time without automatically logging into root....

I then tried to lock the root account to see if it will ask me for a password or not, it did but of course I wasn't able to login as root because it was locked now and I was left with no way to access the system. I had to fix fstab from a live cd so that I can login normally as the user....

I didn't know what to search for or if that is the expected behavior if you don't set root password during installation, but it just seemed a bit strange to automatically enter root when you specifically disable root login during installation...

View 1 Replies View Related

OpenSUSE Install :: Window Named Login Keyring Appears Asks Root Password Everytime When Login

Jun 13, 2011

when i login to openSUSE a window named login keyring appears and it asks me root password. it happens everytime when i login. how to fix this problem?

View 9 Replies View Related

Fedora Security :: Become Root Without Root Password?

Oct 20, 2010

I found this on Bee's website. For more info on this exploit there are links there:[URl]..All you have to do in Fedora 13 is enter the following lines in a shell as normal user:

[Code]...

I don't think this can be considered solely an "upstream" problem, because I first tried it in Arch using the same version of glibc, and the final command causes both gnome-terminal and xterm windows to disappear.

View 14 Replies View Related

Ubuntu Security :: Bad Login Protocols - Graphical Login For Gnome Sizes Itself To Accommodate A User's Exact Password Length

Dec 14, 2010

I'm seeing really bad user login format under a standard installation and am wondering why ubuntu does this as default. I have noticed that the graphical login for gnome sizes itself to accommodate a user's exact password length. This indicates to me that somewhere on the unencrypted part of a standard installation with user encryption contains at least some indication of the content of the password length which seems a security flaw even if not a complete hole, it majorly reduces the number of attempts a cracker would have to cycle through.

And that's assuming that *only* the length is contained. Furthermore it seems that it would be MUCH better to simply display the number of characters entered into the pw field and allowing the gui to expand itself from an fixed size as the field is filled out so the the user still receives visual feedback for entering characters. Either a simple character count display should be entered into the field or a 10 dot to new line so that one can visually quickly count the number enter by multiplying from a 10base graphical observation.

View 9 Replies View Related

Ubuntu Security :: Security E-mails At Root Login?

Sep 8, 2010

Whenever I login as root, an e-mail with the subject "Security information" is sent outwhere the e-mail address for this message is configured? I need to change it (or perhaps disable it).

View 9 Replies View Related

Security :: Root Password Cannot Be Changed

Jan 20, 2011

Protect against root password change[Log in to get rid of this advertisement]I have recently had to force a change of the root password on a linux box I was running. It was a test system which I had not used in a while, so I forgot the root password (not so smart).Anyway, I found that it was amazingly easy to reset the root password. Here is a straight forward article on how to do it.URL...

My question is: how can you protect against this? I see this as a security hole.I understand that the user must have physical access to the computer, but if I want to lock the system down so you cannot easily enter single user mode or the root password cannot be changed.

View 1 Replies View Related

Security :: Sudo To Root Without Password?

Jan 26, 2011

We have a couple of clusters that are running Oracle. If you're familiar with Oracle you know that it basically has to be installed as root. Something I detest. anyway, when we are building out the box, we change the root pw and give it to the DBA team to do their installs and configs. When they are done, we change the root pw (and do not give it to them), and configure sudo to allow them the rights needed to manage Oracle and their databases.

Now however, we have a different situation. The DBAs need access to uninstall and reinstall components and make modifications on an ongoing basis. Since we only support OS and hardware, not app, they are requesting permanent root access. I promptly told them no, and the politics ensued. Their manager went to their director, who went to my director, and suddenly an exception is given for his good golfing buddy. So here I am, forced to turn lose DBAs on my clusters with full root access/pw. I need a way to allow specific users (or perhaps a specific user group) the ability to become root WITHOUT sharing the root pw with them.

View 3 Replies View Related

General :: Login To Root Without Password (ubuntu 8.04)?

Sep 4, 2010

When I try to do

Quote:

sudo su root

The login is successful without prompting a password. This is dangerous. How am I going to avoid/disable this?

View 8 Replies View Related

Server :: Cannot Login To System Red Hat Using Root Password

Apr 17, 2011

I just receive news from my superior. He said he cannot login to system Red Hat using root password.So when i check, someone change root password. I restart server and login as single user. When i put new password, it not change.How to fix it? Is that mean someone just hack my server? That server is in DMZ zone.

View 2 Replies View Related

Fedora Security :: Forgot Root Password?

Sep 21, 2009

what does one do when he forgets the root password ? i still have a terminal logged in as root how can i change the password in terminall

View 2 Replies View Related

Fedora Security :: Updates Without Root Password?

Nov 14, 2009

I have been experiencing harassment with my websites being hacked so pardon me if this is an over-paranoid question.

Just recently started on FC11 after having abandoned Fedora for CentOS for a few months. So glad to be back, but...

I have been getting notices about security updates. When I click for the update, I am not asked for the root password and the update occurs.

View 12 Replies View Related

Security :: Sudo Non-user/non-root Password?

Feb 19, 2010

Stumped on this one. I'm trying to set up limited sudo authority on a desktop with some sensitive user data, and as an extra precaution I wanted to configure sudo to use a password other than the user's or the root's. I'm not sure how to do this. From the manual, we have a few options, such as "runaspw" or "targetpw", but none seem quite what I'm looking for.For instance, "runaspw" could be used if I created a user for nothing other than sudo(ing) purposes, but it requires you set "runas_default", which means that said user would have to have authority to execute said commands in the first place. This is workable, but seems like a lot of extra configuration for each specific command that I want to run, as well as creating some issues with simply commands such as "shutdown" or "reboot". Also, "targetpw" can be used in conjunction with a sudo(ing)-only user if I set an alias, but, again, this isn't quite what I am looking for.

Ultimately, what I am really concerned about in this situation are keystroke loggers, so I would prefer to avoid repeated entering the user or root password when performing administrative tasks. Also, I would prefer not having to create a sudo(ing)-only user as mentioned above to prevent a comprimised password resulting in an attacker being able to log into my system.

View 3 Replies View Related

OpenSUSE Install :: Way To Login To Account With Only Root Password?

Mar 26, 2010

Is there a way to login to an account with only the root password? Because I really need it the first unlock the computer next to me and second because I just want to know.

View 9 Replies View Related

Ubuntu Installation :: Trying To Login But Forgot Root Password

Jul 28, 2010

I am new to ubuntu and I've installed it but I didn't use it too much. Now I was trying to login into ubuntu but I forgot the root password. Can I login into ubuntu or change the root password. I didn't make any other user than the installation were asking me. If I try to reinstall the ubuntu, the setup will help me to choose the same partition (to overwrite on the previous ubuntu)?

View 3 Replies View Related

General :: Sshd Accepts Root Login Without Password?

Jul 18, 2011

I'm trying to figure out why my industrial appliance (x86, running kernel 2.6.21.7 and OpenSSH_4.3p2 / OpenSSL 0.9.7m) accepts ssh connections without asking for a password (even for root)!When I log on to the local console as root I have to enter a password but strangely this prompt won't appear using a ssh connection (although I'm not using any client certificates).Of course that not acceptable but I just can't find the related configuration entry to disable this "password-less" authentification.Is this related to the sshd or has it something to do with the PAM module?

- Update ->
While looking at /var/log/secure, I've found the following lines:
Jul 18 16:55:07 localhost sshd[5712]: Accepted none for root from XXX port 6393 ssh2

[code]....

View 8 Replies View Related

Security :: Login Password Upon Starting?

Jan 19, 2011

I installed linux system into a USB stick, but it never asks me to enter login password (i am the default user "root") when booting. I checked the settings in "User and Group" panel, and found everything there is OK. What additional settings should I make to this problem?

View 4 Replies View Related

Fedora Security :: How To Disable Root And User Password

Jan 12, 2009

It seem like unix abit annoying every time you log in you need to password can I disable it

View 10 Replies View Related

Ubuntu Security :: Any Way To Change Password For Root Privileges?

Jul 10, 2011

I've been using Ubuntu for like a year now. Whenever I want root privileges I just type sudo and enter my User password. I wanna know if there's a way to change this, in a way that My User password is: "ABC" and the password needed to have root privileges is: "ABC123". I have no problem using the terminal, I actually prefer it to any GUI, it just seems easier to me.

View 3 Replies View Related

Security :: RHEL Root Password Automatic Change?

Jun 1, 2010

To comply with standards I need to change the root pw every so often. However, I really don't have a need to know the root password; as the only thing using root, is for ssh authenticating via ssh keys. What I want to do is automate the root password change monthly via a cron job, to a random value. Is there a way to do this without knowing the previous password?

View 14 Replies View Related

Debian Installation :: User Password Rejected And Have To Login As Root

Oct 28, 2014

Suddenly Debian started rejecting my user pw and I have to login as root. Perhaps this is a coincidence, but this started when I re-booted after adding Russian keyboard layout in etc/default/keyboard. The Russian keyboard added successfully.

Being logged in as root, renewed the pw of my user account (actually assigned the same as wes previously), got confirmation the the pw has been changed. Reloaded. Yet it keeps complaining that the pw is wrong.

View 8 Replies View Related

Fedora Security :: Forgot Login Password?

May 8, 2009

I just installed Fedora 10 on my laptop 2 days ago. I dont seem to remember the password i userd for my username. Is there a way to reset or change the password? I cannot login to the system.

View 4 Replies View Related

Security :: The Login Password Echoed - How To Correct It

Nov 25, 2010

Kernel 2.6.21.5, Slackware 12.0
GNU bash 3.11.17

Being in a text console (VT, that is, the screen with 25 x80 chars), say tty1, and just after booting linux, I logged in as usual,typing my password.What happened then astonished me. In Slackware distros, a small quotation from some book is written on screen just after typing the correct password. Well, after typing my password, I could see it split into two halves instead of the quotation.

View 13 Replies View Related

Security :: SSH Login Without Password Not Working As Expected?

May 5, 2010

There is this one server running CentOS5.4 Final which has certain application like Bugzilla. I have setup ssh on it and setup is for password less authentication. Have also setup PasswordAuthentication to no. So with password authentication should succeed. But it is. Though password less authentication is working fine, but I am also able to login using password.

Code:

RSAAuthentication yes
PubkeyAuthentication yes
PermitEmptyPasswords no
PasswordAuthentication no

View 4 Replies View Related

Security :: SSH2 No Password Login With Passphase Key?

Sep 30, 2010

I was just wondering about logging in to my remote server via SSHv2.

But I want to set a passphase key but not make the server ask for it when logging in, would this at all be possible?

I am well aware I may leave it blank but doesnt this pose a security threat possibly?

I have heard somewhere that you can get Linux Centos 4.8 to do this

View 1 Replies View Related

Ubuntu Security :: 9.10 X64 Can't Login As Root

Aug 9, 2010

I've recently installed 64bit version of ubuntu 9.10 but the GDMsetup doesn't seem to be working as it was in 9.04 i mean to say when you type gdmsetup at console the login window pops up where i can check the check-box "Allow local administrator log in" under security tab. to enable login as root. since it is not working i've to type password every time when i install a package or create a folder in root directory or mount a drive which is quite irritating how can i login as root in gui mode etc... also is there some syntax which i can put into /etc/gdm/custom.conf so i can log in as root....

View 2 Replies View Related

Fedora Security :: Suddenly Root Password Invalid For Su Command?

Apr 9, 2011

I have recently installed Fedora 14 on a new computer we presented as a gift to my sister-in-law. She is new to Linux. Although I've used Fedora since Core 1, I'm no expert on security issues, and this baffles me. She's doesn't know how to change the root password, so why doesn't it work any more? She discovered the problem when attempting a yum update from a terminal.(1) How could the root password have gotten changed? How likely is it that someone got onto her system through ssh, made a lucky guess on her root password, and then changed it? Are there robots that do this?

(2) The firewall is enabled. I have it set up as follows: (a) under "Trusted Services," only ssh is checked (I need to be able to get in remotely this way); (b) under "Trusted Interfaces," I have eth0 checked (I need to be able to use VNConto her desktop).Question: Are these settings giving ample protection? What settings would be recommended to protect her system while at the same time allowing me to access it through ssh and VNC?

View 8 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved