I have a problem with sshd daemon on a target linux system:The system has only one user (root) without password.The sshd_config looks like:
Code:
Port 22
Protocol 2
[code]...
Quote:
Code:
I've used these commands to generate my new keys and immediately got my sshd server running.
However, I now have the problem where the password is not being recognized and is repeatedly asked for.
Stumped on this one. I'm trying to set up limited sudo authority on a desktop with some sensitive user data, and as an extra precaution I wanted to configure sudo to use a password other than the user's or the root's. I'm not sure how to do this. From the manual, we have a few options, such as "runaspw" or "targetpw", but none seem quite what I'm looking for.For instance, "runaspw" could be used if I created a user for nothing other than sudo(ing) purposes, but it requires you set "runas_default", which means that said user would have to have authority to execute said commands in the first place. This is workable, but seems like a lot of extra configuration for each specific command that I want to run, as well as creating some issues with simply commands such as "shutdown" or "reboot". Also, "targetpw" can be used in conjunction with a sudo(ing)-only user if I set an alias, but, again, this isn't quite what I am looking for.
Ultimately, what I am really concerned about in this situation are keystroke loggers, so I would prefer to avoid repeated entering the user or root password when performing administrative tasks. Also, I would prefer not having to create a sudo(ing)-only user as mentioned above to prevent a comprimised password resulting in an attacker being able to log into my system.
It seem like unix abit annoying every time you log in you need to password can I disable it
View 10 Replies View RelatedI have tried to not allow root access and have created a wheel user.
Now I can not logged in as root.
Its okay but when am logging as wheel user and trying to access root then it says:
Code:
I'm trying to figure out why my industrial appliance (x86, running kernel 2.6.21.7 and OpenSSH_4.3p2 / OpenSSL 0.9.7m) accepts ssh connections without asking for a password (even for root)!When I log on to the local console as root I have to enter a password but strangely this prompt won't appear using a ssh connection (although I'm not using any client certificates).Of course that not acceptable but I just can't find the related configuration entry to disable this "password-less" authentification.Is this related to the sshd or has it something to do with the PAM module?
- Update ->
While looking at /var/log/secure, I've found the following lines:
Jul 18 16:55:07 localhost sshd[5712]: Accepted none for root from XXX port 6393 ssh2
[code]....
When I go to single user mode for resetting root password, It ask root pawssword for login.The message displayed on prompt is "Give root password for login.On the boot prompt, I select kernel and press 'e' and after one space type 1 for single User mode and then press 'b' for booting.It shows message entering in single user mode but ask root password. Even I tried into rescue mode, but I couldn't ser root password.In rescue mode on prompt, It shows rescue login: I typed root, But when typed 'passwd' foe resetting root pawssword,It shows message unknown user and not authetication.
View 1 Replies View RelatedI want to enable sshd from Internet, but I want to secure it as much as possible.Therefore, despite the fact that the service will run on a tcp port above 2000 to prevent most scans, I would like to :- First, force the use of a client certificate, to avoid brute force attack on my users/passwords- second force the use of a username/password to avoid someone having access to my system just by stealing my key..When I look at the configuration, it's possible to enable both, but one of them is sufficient to login, but I can't find how to make them both mandatory...
View 2 Replies View RelatedI'm using Gnome and I'd like to still have the ability to reboot/shutdown from one particular account as well as root. How would I modify the chmod command to add this ability?Also, I have a few users who just will hold the power button in to shutdown the machine. How can I keep them from doing this?// Pruned from the vintage 2007 Prevent a non-root user from shutting down, rebooting or suspend the system thread. Please create new threads instead of resurrecting ancient ones.
View 2 Replies View RelatedIs there an ssh or sshd parameter that can be set to block out a user after a set number of attempts tp login ?
View 1 Replies View RelatedI've been using ssh for a LONG time to connect my laptop to my desktop with no problems. I use a non-standard port (nnnnn) and keys. After a power outage that caused a shutdown and reboot, I can no longer ssh into the desktop. The only changes I've made are updates (laptop and desktop both running ubuntu 10.04).
$ ssh -p nnnnn Desktop
ssh: connect to host Desktop port nnnnn: Connection refused
No messages are generated in any of the logs on Desktop!
$ /usr/sbin/sshd -T
port nnnnn
protocol 2
addressfamily any
listenaddress 0.0.0.0:12023
listenaddress [::]:12023 .....
How to recover user password and root password in fedora if u forget
View 2 Replies View RelatedI no longer have access to my root desktop. On a session I attempted to change the root username but i apparently assigned it a wrong directory that does not exist. When I rebooted with my new root username, i was instead recognised as a simple user (no root privileges). I tried the console to change to "old" root but root password is not accepted and there is no way to access to sudoer files. it seems that inserting a new username requires root privileges and i am back to square one. Simply logging with old root username and password after restart gives me a blank screen with nothing on it and cannot even reboot.
View 9 Replies View Relatedi used opensuse 11.1 ...there is option for root user to create password for root...but for ubuntu i did not find anything like that...so how can i create root password....or how can i use root
View 1 Replies View RelatedI am using mint 8 for a 2 weeks, I am noob to linux but I like Mint than any other linux distro which is great alternative to windows. I have a problem regarding password reseting.
1. My laptop automatically get logged in without asking user name and password.
2. I tried to change password for newly created user and root user using graphical way but it does not work.
2. I can perform administrator task using only OEM user which is default inbuilt user of mint.
How can make my laptop to ask password when mint get booted? How to change password for other users?
At the RHEL prompt, I entered the standard user's username/password combo. Linux displays a message box stating:"Your account has expired; please contact your system administrator."Next, I entered "root" in the username field and entered the root password (which expired also--keep in mind that passwords are set to expire after x days). Linux displays a message box stating:"You are required to change your password immediately (password aged)."When prompted to "Enter current UNIX password", I entered the new password (was that the right thing to do?); Linux displays a message box stating:"The change of the authentication token failed. Please try again later or contact the system administrator."I rebooted the system and got into command line mode; somehow I logged in as "root" (don't know exactly how, but needed to change the password there). At the "#" prompt, I type "passwd root"; Linux displays the message "Changing password for user root", followed by the message "passwd: Authentication information cannot be recovered.
View 4 Replies View RelatedA friend of mine has told me to set a root password and use root (f.e. switching to su in terminal and work with root rights instead).Is there any way to unset the root password? I know how to use sudo now.
View 9 Replies View RelatedI found this on Bee's website. For more info on this exploit there are links there:[URl]..All you have to do in Fedora 13 is enter the following lines in a shell as normal user:
[Code]...
I don't think this can be considered solely an "upstream" problem, because I first tried it in Arch using the same version of glibc, and the final command causes both gnome-terminal and xterm windows to disappear.
I have recently set up two machines with F14 and on both, I am completely unable to make remote login via SSH work. openssh-server is installed and seems to work well:
I have already worked for hours on the problem now, using Google and trying numerous things, and still could not find any solution. On my other machine, which still uses F13, remote login works just fine. Is there any change in the default behaviour of the sshd I am not aware of? I would really appreciate your assistance!
Protect against root password change[Log in to get rid of this advertisement]I have recently had to force a change of the root password on a linux box I was running. It was a test system which I had not used in a while, so I forgot the root password (not so smart).Anyway, I found that it was amazingly easy to reset the root password. Here is a straight forward article on how to do it.URL...
My question is: how can you protect against this? I see this as a security hole.I understand that the user must have physical access to the computer, but if I want to lock the system down so you cannot easily enter single user mode or the root password cannot be changed.
We have a couple of clusters that are running Oracle. If you're familiar with Oracle you know that it basically has to be installed as root. Something I detest. anyway, when we are building out the box, we change the root pw and give it to the DBA team to do their installs and configs. When they are done, we change the root pw (and do not give it to them), and configure sudo to allow them the rights needed to manage Oracle and their databases.
Now however, we have a different situation. The DBAs need access to uninstall and reinstall components and make modifications on an ongoing basis. Since we only support OS and hardware, not app, they are requesting permanent root access. I promptly told them no, and the politics ensued. Their manager went to their director, who went to my director, and suddenly an exception is given for his good golfing buddy. So here I am, forced to turn lose DBAs on my clusters with full root access/pw. I need a way to allow specific users (or perhaps a specific user group) the ability to become root WITHOUT sharing the root pw with them.
I'm on Squeeze with KDE 4.4.5. Basically, I can use my password for things like logging in, or authenticating on a shell with sudo successfully. But in other cases, I am asked to "become root", and when I enter my usual password, I'm told to check if I entered my password correctly. This happens with Aptitude (terminal GUI), for example: from Actions, I try to update the package list, and when I enter my password, I can read su: Authentication failure. However, if I start Aptitude by typing kdesudo aptitude on Konsole I can enter my password in the authentication box successfully, and use Aptitude with administrative privileges.
The example is valid also for other applications, such as System Monitor: just for the sake of the example, if I try to stop a process owned by root, say Aptitude, I'm asked for a password to become root, but my password doesn't do the trick. I'll have to open it from terminal with kdesudo ksysguard, then I'll be allowed to kill that process. Does it have anything to do with my choice at installation? I think I must have chosen to leave the root password field blank, and only entered my password as a user, for it explained I could become root anytime if there was need to with sudo.
I am running Fedora 12 as Guest OS in VMware Player. I installed Fedora 12 by using a Prepackage VM . The root user name and p/w was supplied by the person who made this appliance. Is there way for me to change root user name and pw
View 2 Replies View RelatedI want to use root password instead of adding my user to the list of sudoers,In Arch wiki ander Root password:Users can configure sudo to ask for the root password instead of the user password by adding "rootpw" to the Defaults line in /etc/sudoers: but that did not work for me. it asks for root password.Why do I want to do that:
1. I want to do that, I like sudo more than su -c 'some_command'.
2. sudo enables bash completion, su -c does not.
3. I don't want to add my user to sudoers list.
I found many users Suggesting alternatives and lowering the important of my need for this, when I asked this question in anther please.
As the title says... (when using add/remove). Not sure how it got this way, so can't just put something back - need a way to correct it.
View 1 Replies View RelatedI want to run zypper without being asked for the root password. So I added the commands to the sudoers file:
Code:
# User alias specification
User_Alias ADMIN = XXXX #note: this is not real username.
# User privilege specification
root ALL = (ALL) ALL
ADMIN ALL = NOPASSWD:/usr/sbin/vpnc ,/usr/sbin/vpnc-disconnect ,/usr/bin/zypper ref ,/usr/bin/zypper up
But I'm still being asked for password. I should note the the vpnc commmand is working as expected.
Is this a Fault on my part or a bug?? (not sure if this is the right place for this let me no if not i'll move it I want to add a user to Group "freevo" but if i open User settings via the GUI menus and click on the keys button to enter the root password it keeps coming back to me saying that the password is wrong even though it is'nt (and cap's is off).
So i try the terminal "user-admin" and had the same problem wrong password So i try'd "sudo user-admin" and entered the password at the command line and up pops the User settings GUI with root privileges
what does one do when he forgets the root password ? i still have a terminal logged in as root how can i change the password in terminall
View 2 Replies View RelatedI have been experiencing harassment with my websites being hacked so pardon me if this is an over-paranoid question.
Just recently started on FC11 after having abandoned Fedora for CentOS for a few months. So glad to be back, but...
I have been getting notices about security updates. When I click for the update, I am not asked for the root password and the update occurs.
Found a major security hole in one of my more crucial linux servers today. (Only locally) I can use the user name "root" and any string for the password. So I can literally type "poop" as the password and the server lets me in. I know how to set root password settings for SSH and sudo, but where are settings located for local access that would allow something like this?
View 14 Replies View Related