Date: Sat, 16 Mar 2002 17:45:19 -0600
From: "GB" <gregbrooks@blue-mouse.com>
To: <freebsd-questions@freebsd.org>
Subject: An idiot, his box, and a security question
Message-ID: <002d01c1cd44$a2307740$0301a8c0@CITYMOUSE>

Folks, three quick questions (probably simple ones) are at bottom, but I felt like I had to provide some background:

BACKGROUND:

I have a FreeBSD box working (excellently, I might add!) as a qmail toaster via the instructions posted at http://matt.simerson.net/computing/qmail.toaster.shtml . I couldn't quite get things to work on my own, so I hired a TUG (Trusty Unix Guy) to come in via SSH and make some fixes. In the name of security, he made some changes, per the snipped e-mail below:

* * * *
(begin snippet)

I changed /etc/ssh/sshd_config. I changed PermitRootPasswords from "yes" to "without-password". If you want to log in as root with that, you'll have to set up ssh key based authentication.

I've also removed the root password. That means you can walk up to the console and login as root with no password. You're welcome to change that. Currently with the sshd config root can't log in without a RSA or DSA key. Man ssh for more info on key based authentication.

You can also delete my account if you want to revoke my access. If you do so, you'll also want to remove me from the sudoers file (visudo).

Try not to use your root stick. Attempt to never log in as root. When you need root, use sudo (I set you up already).

(end snippet)
* * * *

THREE DON'T-KNOW-NUTHIN'-ABOUT-SSH QUESTIONS:

* When attempting to login at "root" and just hitting ENTER at the password prompt, I can't get in. Am I missing something about his "no password required for root" comment?

* Because I can't log in as root, any root-like changes I want to make would have to be made via sudo. What commands would I issue from the command line to change my root password back to what it was before?

* When I attempt to telnet into the machine (from within or outside of my own LAN), I'm immediately prompted with "User Access Verification" and a Password prompt. No known passwords for the machine work. I thought this was particularly odd, since the box wasn't asking for a login, only a password.

I like the idea of being very secure, yet I admit the man SSH pages left me confused. At this point, I'd be happy if I could:

* Telnet into my machine and execute commands as root via sudo

* Actually login as root while sitting at the machine so I could make broad changes, install/delete ports, etc.

Many, MANY thanks!

Greg B.

- - - - - - - - - - -
"... I'm rapidly climbing the ladder from FreeBSD idiot to FreeBDS moron. Wanna watch?"
-- Greg B., 02/1/02

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
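
The two settings the quoted snippet describes (root SSH login restricted to keys, and an empty root password on the console) can be checked from the files themselves. The sh script below is an added example, not part of the original e-mail and not the consultant's commands. It assumes the OpenSSH directive that takes "without-password" is PermitRootLogin (the e-mail writes "PermitRootPasswords") and that passwords live in a master.passwd-format file; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the e-mail. Paths are arguments so copies can be audited.

# Print the global value of an sshd_config keyword. sshd uses the first value it
# obtains and matches keywords case-insensitively; $3 is the caller's assumed
# default when the keyword is absent (defaults differ between OpenSSH versions).
sshd_effective() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/              { next }              # comment line
        tolower($1) == "match"  { exit }              # stop at conditional blocks
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# Succeed if account $2 has an empty password field (2nd field) in a
# master.passwd-format file $1.
empty_password() {
    awk -F: -v u="$2" '$1 == u { hit = ($2 == "") } END { exit(hit ? 0 : 1) }' "$1"
}

# $1 = sshd_config, $2 = master.passwd, $3 = assumed PermitRootLogin default
audit_root_access() {
    mode=$(sshd_effective "$1" PermitRootLogin "$3")
    case "$mode" in
        without-password|prohibit-password) remote="key-only" ;;
        yes)                  remote="password-or-key" ;;
        no)                   remote="denied" ;;
        forced-commands-only) remote="key-forced-command" ;;
        *)                    remote="unknown($mode)" ;;
    esac
    if empty_password "$2" root; then pw="empty"; else pw="set"; fi
    echo "ssh-root=$remote root-password=$pw"
}

# Constructed sample files mirroring the state the quoted snippet describes.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# constructed sample' 'Port 22' \
        'PermitRootLogin without-password' > "$d/sshd_config"
    printf '%s\n' 'root::0:0::0:0:Charlie &:/root:/bin/csh' \
        'greg:*:1001:1001::0:0:Greg:/home/greg:/bin/sh' > "$d/master.passwd"
    audit_root_access "$d/sshd_config" "$d/master.passwd" no
    rm -rf "$d"
}
demo   # prints: ssh-root=key-only root-password=empty
```

On a live FreeBSD system the inputs would be /etc/ssh/sshd_config and /etc/master.passwd, the latter readable only by root.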