
Summary: ASTERISK-08227: No root password (security problem)
Reporter: Andrew Payne (payne92)
Labels:
Date Opened: 2006-11-30 15:47:27.000-0600
Date Closed: 2006-12-04 14:30:55.000-0600
Priority: Major
Regression?: No
Status: Closed/Complete
Components: Core/General
Versions:
Frequency of Occurrence:
Related Issues:
Environment:
Attachments:
Description:

[entered for tracking]

The default system configuration has no root password.  

This is a security problem, as anyone with physical access to the box can log into the system with root (no password needed) and have complete system access.

(One option is to set the root password to the 'admin' password chosen by the user at installation time.  If that's done, then the documentation needs to be updated so the user understands that that password is used for both 'admin' and 'root' logins).
Comments:

By: Matthew Nicholson (mnicholson) 2006-11-30 16:09:39.000-0600

I think there is a way to disable root login.  Are we not already doing this?  This is how Ubuntu does it, which makes it impossible to log in as the root user.

By: Brandon Kruse (bkruse) 2006-11-30 19:23:00.000-0600

Mnicholson is right, we are doing an Ubuntu-style login, from what I understand.

To where you CANNOT directly log in as root and have permissions
to do anything you want. (protection reasons)

Along with this, (if it is in fact like Ubuntu)
you can sudo su - to root (with your password, if you are
in the sudo file) and then change the password for root by administering
the command: passwd  (not recommended, you're defeating the purpose)

Of course we do this to keep you guys safe, and not
allow root access from the login screen.

By: Dorian Gray (dorian) 2006-12-02 09:37:28.000-0600

also: by default, sshd allows root login (but does disallow empty passwords)
you may consider changing /etc/ssh/sshd_config to have:
PermitRootLogin no

I definitely saw language in the install gui advising use of sudo to perform root operations; but probably many people are not reading those sidebar blurb texts while the installer is running.

what about some additional language on the text menu? (that update/reboot/etc. console that shows by default when *NOW runs, I don't know what to call that thing...)

By: Brandon Kruse (bkruse) 2006-12-02 17:18:59.000-0600

Dorian, you are partially right.

This is a great way to be more secure, however, no one
will ever be able to log in to root, because root is enabled
via ssh, but there is NO password, it's absolutely impossible
to log in.

You have to remember that because you can sudo to root
and use YOUR user account password, does NOT mean you
can use that password for direct login via ssh.

Not meaning to be a pain, just making sure it's 100% clear.
Disabling root from ssh could definitely be a good option.

Thanks for the suggestion :]



By: James Lyons (james) 2006-12-04 14:30:54.000-0600

Preventing root from logging into the system from terminal and ssh.

Will be in beta2
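
An added example, not part of the original ticket or the project's code: a shell audit of the two settings discussed in this thread, telling an empty root password field apart from a locked one in a shadow(5)-format file and reading `PermitRootLogin` and `PermitEmptyPasswords` from an sshd_config. The function names, file names and sample lines are constructed for illustration.

```sh
# Added example, not project code. Paths are arguments so copies can be
# checked; Match blocks in sshd_config are not evaluated.

# root_password_state SHADOW_FILE -> empty | locked | set | missing
root_password_state() {
    awk -F: '
        $1 != "root" { next }
        { found = 1 }
        $2 == ""     { print "empty"; exit }    # no password required
        $2 ~ /^[!*]/ { print "locked"; exit }   # no password can match
        { print "set"; exit }
        END { if (!found) print "missing" }
    ' "$1"
}

# sshd_option CONFIG KEYWORD -> first global value, lowercased, or "unset"
sshd_option() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }         # global section ends here
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# audit_root SHADOW_FILE SSHD_CONFIG -> prints findings, returns 1 if any
audit_root() {
    rc=0
    state=$(root_password_state "$1")
    prl=$(sshd_option "$2" PermitRootLogin)
    pep=$(sshd_option "$2" PermitEmptyPasswords)
    [ "$state" != empty ] || { echo "root password field is empty"; rc=1; }
    [ "$prl" = no ] || { echo "PermitRootLogin is $prl, expected no"; rc=1; }
    [ "$pep" != yes ] || { echo "PermitEmptyPasswords is yes"; rc=1; }
    return $rc
}

# Constructed sample files, not taken from a real system.
write_samples() {
    printf 'root::13482:0:99999:7:::\n' > "$1/shadow.empty"
    printf 'root:!:13482:0:99999:7:::\n' > "$1/shadow.locked"
    printf '# constructed\nPermitEmptyPasswords no\n' > "$1/sshd.stock"
    printf 'PermitRootLogin no\nPermitEmptyPasswords no\n' > "$1/sshd.hardened"
}

d=$(mktemp -d) && write_samples "$d"
audit_root "$d/shadow.empty" "$d/sshd.stock" || echo "=> findings"
audit_root "$d/shadow.locked" "$d/sshd.hardened" && echo "=> clean"
rm -rf "$d"
```

On a live system the same functions can be pointed at `/etc/shadow` and `/etc/ssh/sshd_config`, run with enough privilege to read the shadow file.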