• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

change root password?

W

Wik

Platinum Member
Ok, dumb question. what is the process to change root password with linux from an ssh session?
 


<< Assuming you actually are root, yes. >>



Yap, if the system lets you log as root over the net you should be able to use any commands
available...

Be advised that this is not a good security option. Only regular users should be allowed to log
from over the network!
 
Well I needed to have root access on that machine from a remote location. The machine did not have a strong root password as it was not intended to be anything but a test box off the network anyway. Well, I needed put it in use one night late, and I forgot that the password was pretty weak. I will not be able to return to that physical location for a few days, so I only have ssh available to do anything on that machine. It will only be online till the end of the month anyway, but I wanted to make that password a bit stronger then it was.

Thanks for your help. I am still learning this stuff.
 
Forget logging in as root. Use sudo or su (on rarer occassions). sudo is the one of the best security applications out there.
 
Forget logging in as root. Use sudo or su (on rarer occassions). sudo is the one of the best security applications out there.

He said he's using ssh, and since su and sudo both require you type a password if someone's sniffing his ssh session he's screwed anyway.
 


<< He said he's using ssh, and since su and sudo both require you type a password if someone's sniffing his ssh session he's screwed anyway. >>



Yes, but sudo requires that you enter your user's password, not the root password. If someone's sniffing (not sure sniffing a ssh session would yeild much useful information anyway as ssh encrypts data) all they get is a user password, which they would have gotten from your login anyway.
 


<<

<< He said he's using ssh, and since su and sudo both require you type a password if someone's sniffing his ssh session he's screwed anyway. >>



Yes, but sudo requires that you enter your user's password, not the root password. If someone's sniffing (not sure sniffing a ssh session would yeild much useful information anyway as ssh encrypts data) all they get is a user password, which they would have gotten from your login anyway. >>



Yes, he would be screwed anyways. But I still believe they are better ways to go about things in general, and you can lock down sudo pretty well. As far as sniffing ssh sessions, its possible, just really hard 😉
 
As far as sniffing ssh sessions, its possible, just really hard

Atleast for ssh1, I don't think protocol 2 has the same issues.

and you can lock down sudo pretty well.

Yes, but you have to know each program you enable through sudo very well. As soon as you put in a program that allows some sort of way to start a shell or the like, you've opened up a whole new way in.

I'm not saying sudo's bad, but I think it protects you more from yourself (and type-os) than a determined hacker.
 
Well if someone wants to go through the trouble of sniffing my ssh session on this machine, they are pretty much wasting their time. The box in not going to be online for very long. There is nothing on the machine of value. It is not connected to any other network of mine, just the interenet. After I take if offline in a week or so, it most likely will not be put on the net again.

Thanks for all the advise though. Need to keep feeding the brain.
 


<< As far as sniffing ssh sessions, its possible, just really hard

Atleast for ssh1, I don't think protocol 2 has the same issues. >>



Nothing is perfect, but I havent looked into sniffing v2 so you may be right.



<< and you can lock down sudo pretty well.

Yes, but you have to know each program you enable through sudo very well. As soon as you put in a program that allows some sort of way to start a shell or the like, you've opened up a whole new way in.

I'm not saying sudo's bad, but I think it protects you more from yourself (and type-os) than a determined hacker. >>



I agree, but the original question was answered so throwing out some extra info doesnt hurt 😉
 


<< I agree, but the original question was answered so throwing out some extra info doesnt hurt >>




You are so correct. 🙂
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top