Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
Is it possible to login via ssh on a linux machine, using one of two (or more) passwords set for root?
I want a primary password that I will change it frequently but in a case of emergency I want a "backup" password that will log me in. I hope that I stated the question clear. ;)
Don't use root accout. Use sudo.
When you configure sudo for your ordinary account, you can change root password to something complex and use sudo for normal daily work.
When something breaks, you will login to root with the complex password.
You can create multiple accounts that have userid 0, each with a different password. What matters for permissions is the userid, not the name.
However, there are some scripts that may check whether you're running as root, and they might check the login name rather than the ID. But if you're just using the backup account for emergency purposes, these glitches should not be a problem.
Disable the root login via ssh and create two user accounts, one for myself and a default account (which is there on all my machines with limited sudo access) with sudo access for both is what I do.
If it's all about ssh, then you can use keybased authentication, rather than password based auth.
This way, two (or more) users can login (as root, as a given user) without having to share the password.
Related
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 7 years ago.
Improve this question
I were using windows but now I am shift to unix like os sucn as linux,fedora .Now I am confused what is root in linux os?Please explain me.
Root user is also known as superuser in Linux-based OS. Basically, root user is granted all permission to do various task on that system. This includes adding/removing normal user account, managing services, changing ownership of files/folder and many more.
Normally, it is recommended for system administrator to create another normal user account to perform day-to-day operations while root account should only use when necessary. Once the system administrator has completed the necessary task, he/she will then revert back to their normal user account immediately. It is because a mistyped of command using root account might lead to wiping all data in the system!
For more information about root, you can visit here and here. Hope it helps.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 9 years ago.
Improve this question
I recently started looking at my auth-logs and surprisingly found bots from china trying to bruteforce their way in this (didnt try hard). I went all about changing numerous things that bots would never check, and made harder to bruteforce.
My question is:
I am trying to find a list of all users that can log in to my server via SSH. I know that /etc/passwd has a list of all users, but I don't know if any of them (except for 1) can be logged in.
My goal is to only have 1 user that can be logged in, and having that user have a real strong password.
Read man sshd_config for more details, but you can use the AllowUsers directive in /etc/ssh/sshd_config to limit the set of users who can login.
e.g.
AllowUsers boris
would mean that only the boris user could login via ssh.
Any user with a valid shell in /etc/passwd can potentially login. If you want to improve security, set up SSH with public-key authentication (there is lots of info on the web on doing this), install a public key in one user's ~/.ssh/authorized_keys file, and disable password-based authentication. This will prevent anybody except that one user from logging in, and will require that the user have in their possession the matching private key. Make sure the private key has a decent passphrase.
To prevent bots from trying to get in, run SSH on a port other than 22 (i.e. 3456). This doesn't improve security but prevents script-kiddies and bots from cluttering up your logs with failed attempts.
Any user whose login shell setting in /etc/passwd is an interactive shell can login. I don't think there's a totally reliable way to tell if a program is an interactive shell; checking whether it's in /etc/shells is probably as good as you can get.
Other users can also login, but the program they run should not allow them to get much access to the system. And users that aren't allowed to login at all should have /etc/false as their shell -- this will just log them out immediately.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
I am trying to migrate data from onw of my VPS to another. The problem is, for the VPS from where I am moving the files, I don't have root access, and most of the user uploaded content in there are owned by apache, and hence when I tried rsync I got access denied. I tried chown from the account I do have access to, but it seems that account can't change the owner of those files(but I might be doing it wrong as well, since I am new to SSH. So please tell me the correct syntax to recursively change ownership of all files within a folder and subfolders. I tried chown -R dirname/*). So is there any other way to move these files?
Also, if I reset the password(I am on godaddy linux-VPS), will it affect my site or cause any downtimes? If I get root access, will it help in this matter?
Resetting your password on your Go Daddy Linux VPS should not cause any downtime. The password reset should just change the user and root passwords. Once you are logged in to the server as your user you will then use the "su" command to change to the root user. You cannot log in directly as root. The command will look like this:
#su -
Once logged in as root you should be able to do the rsync without issues.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
Let's say I let my friend "Stuart" have an account on my VPS with very limited privileges because he asked very nicely. Since Stuart isn't so bright, he accidentally posts his password in an IRC chatroom, and now everyone and his/her grandma can ssh into his account. My question is, in the hands of an experienced hacker, what kind of damage can be done to the system?
Could someone just write a simple C program to intentionally manipulate a buffer overflow in strcpy and serve up a root shell for full control of the system, or are there built-in protections against that in the OS?
There are any number of attackers an attacker with local privileges could perform including but not limited to:
Fork Bombs
Accessing services bound to 127.0.0.1
Using your server as a proxy for malicious attacks
Serving malicious files from your server
Local exploits
Information Leakage
Mail relaying
etc
The attack you describe however is not possible as the file would have to have to be owned by root and have the setuid or setgid bits set.
Once someone has access to the machine, instead of needing a remote exploit, they only need to escalate privileges to have root access.
Remote exploits require having an external publicly-accessible vulnerable service. There shouldn't be any of those running on a standard VPS, assuming that it's being well maintained.
Once a remote user can authenticate, they can execute any code that's on the machine, or bring in more. If there is a bug in the kernel, or in any program that has setuid to root, they can use that to escalate their privileges to a user who has more power - like root.
So a simple buffer overflow in a custom program written by the attacker isn't your concern - that shouldn't allow them to have any extra power. What you're concerned about is a bug in the system that the attacker now has the access, and so, the ability, to exploit.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
I'm about to hand out my root server password to a company for them to fix an issue that I have with mydns.
I'm sure they are all above board (and I will change the root password after they have finished) but I just want to be sure.
I know (well I think) I can login after them and execute history to see what they did, but I know if they are dishonest, they can just clear the history. I'm worried in case a rogue employee does something malicious or installs keylogging software (which has happened when my mate let another company manage his VPS).
So is there anything I can do? Does the history command backup somewhere? Can I install a keylogger to verify the commands they execute are not malicious?
Any ideas welcome. Ideally I appreciate I shouldn't give out my root password if I don't trust them. But I am in a very difficult situation and have no choice.
Since you are giving them root access, there is nothing you can do from within the machine that they could not subvert with a rootkit.
Your only way to be sure would be to mount the filesystem in another machine and compare the changes made to the files by comparing with a previously made snapshot/backup.