Reply
Thread Tools
.Ray is offline .Ray
2007-08-25 , 10:31
Posts: 5 | Thanked: 1 time | Joined on Aug 2007 @ UK
#1
A thought just came to mind, if I can ssh to my N800 from my pc as root, then so can anyone from the internet if I'm on a public access point, while the risk is low, it is not the best security practice.

Changing the root password appears to break the application manger gui. So as a paranoid user, I have edited /etc/ssh/sshd_config adding the following line:

DenyUsers root@*

and now to ssh into the device, I have to go in as "user" and run sudo gainroot, of course the user account is password protected
 
brendan's Avatar
brendan is offline brendan
2007-08-25 , 12:26
Posts: 531 | Thanked: 79 times | Joined on Oct 2006 @ This side of insane, that side of genius
#2
well if you simply set PermitRootLogin to "no" or "without-password" you would accomplish pretty much the same, but (in the case of "without-password") still allow yourself to generate an ssh key and get on the device as root with that key.

guess there is more than one way to skin a cat...
__________________
Nokia n800
OS 2008
Pharos iGPS 360-BT
ElmScan 5 BlueTooth
BlackBerry Bold (9000)
AT&T Wireless
 
TA-t3 is offline TA-t3
2007-08-27 , 12:22
Posts: 3,841 | Thanked: 1,079 times | Joined on Nov 2006
#3
What brendan says is good advice, and .Ray's solution also works, but I thought I should point out that changing the root password should not break anything. I have changed the root password after every firmware upgrade (exactly because I have an ssh server installed), and this has no side effects at all.
__________________
N800/OS2007|N900/Maemo5
-- Metalayer-crawler delenda est.
-- Current state: Fed up with everything MeeGo.
 
Reply

« Previous Thread | Next Thread »

 
Forum Jump


All times are GMT. The time now is 14:03.

Contact Us - Home - Archive - Top