Trouble Logging In as Root
CLIFFORD ILKAY
clifford_ilkay at dinamis.com
Tue Nov 11 03:45:31 UTC 2008
Mark Haney wrote:
> CLIFFORD ILKAY wrote:
>
>>> Am I missing something really obvious here? How can I set up my computer so
>>> that I can login as root? I have all my files backed up so if another fresh
>>> install is required that is certainly a possibility.
>> Hi,
>>
>> Ignore the advice to set a root password.
>
> Okay, I came rather late to the party but I would like to say a couple
> of things here. First and foremost. NEVER leave root without a
> password. PERIOD. This is not only probably the biggest security hole
> ever, it's just plain wrong. Root is (in the phrasing of Ric Flair)
> 'THE MAN'. It can do everything. Anyone leaving root exposed runs a
> big risk.

On Ubuntu systems, root is not exposed because it isn't enabled. From
man shadow:

"If the password field contains some string that is not valid result of
crypt(3), for instance ! or *, the user will not be able to use a unix
password to log in, subject to pam(7)."

On my systems, in /etc/shadow, I have:

root:!:14136:0:99999:7:::

That is stock K/Ubuntu. Note the exclamation mark in the password field.
It doesn't matter how many passwords an attacker tries, they're not
likely to be able to login. If I had set a password as some were
suggesting, root would have been enabled and the system would have been
*more* vulnerable, not less. On a K/Ubuntu system, a remote attacker has
to know which accounts are in the admin group and crack that account
first before being able to become root.

All bets are off if the attacker has physical access to the machine
because rebooting and starting in "recovery" mode is usually enough to
get root and failing that, one could always boot from an alternate boot
device, like a live CD, and get at whatever files are on the disk anyway.

The measures above are more relevant for remote access in which case,
you could make it tougher to break in by doing a few simple things.

1. Don't enable root.
2. Don't allow remote root logins via ssh, which is a moot point if you
don't enable root anyway.
3. Disable password logins via ssh and insist on RSA authentication.
Once you put your public key on the server, you only have to unlock your
local private key (which you must guard closely).
4. Change the port sshd listens on from the default of 22 to something
else. I know it's security through obscurity but if nothing else, it's
another hurdle, even if it is minor to a determined attacker but it
certainly cuts down considerably against the idiots who run scripted joe
job attacks.

If you do the above, in order for someone to get root on your machine,
they would have to steal your private key, figure out what the pass
phrase is to unlock it (The operative word is "phrase"!), figure out
what port your machine is listening on, get a shell on your machine and
hope that you're in the admin group. I suppose we could make it even
tougher and not allow anyone in the admin group to connect via ssh. That
way, you'd have to switch user (su) to an account in the admin group and
then use sudo to get root.

As for someone in the admin group being able to lock everyone else out,
a) you should never give someone those privileges if you don't trust
them, and b) let them change the password. I'll have root on that
machine as soon as I boot from an alternate boot device.

--
Regards,
Clifford Ilkay
Dinamis
1419-3266 Yonge St.
Toronto, ON
Canada M4N 3P6
<http://dinamis.com>
+1 416-410-3326
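
Added example, not part of the original message: a Python check for the /etc/shadow password-field state and the sshd settings the message lists. The sample data, the function names and the OpenSSH defaults used for unset keywords are assumptions of this example; Include files and Match blocks are not evaluated.

```python
# Constructed sample inputs; a real audit reads /etc/shadow and sshd_config as root.
SAMPLE_SHADOW = """\
root:!:14136:0:99999:7:::
alice:$6$constructedsalt$constructedhash:14136:0:99999:7:::
bob::14136:0:99999:7:::
"""
SAMPLE_SSHD = """\
Port 22
PermitRootLogin yes
#PasswordAuthentication no
"""
# Assumption: current OpenSSH defaults for keywords the file does not set.
DEFAULTS = {"port": "22", "permitrootlogin": "prohibit-password", "passwordauthentication": "yes"}

def password_state(field):
    """Classify a shadow(5) password field (a leading ! or * is treated as locked)."""
    if not field:
        return "empty"  # no password needed at all
    return "locked" if field[0] in "!*" else "password"

def shadow_states(text):
    """Map each account name to the state of its password field."""
    rows = (line.split(":") for line in text.splitlines() if line.strip())
    return {r[0]: password_state(r[1]) for r in rows if len(r) >= 2}

def sshd_settings(text):
    """Global settings only: first occurrence wins, parsing stops at a Match block."""
    found = {}
    for line in text.splitlines():
        words = line.replace("=", " ").split()
        if words and words[0].lower() == "match":
            break
        if len(words) > 1 and not words[0].startswith("#"):
            found.setdefault(words[0].lower(), words[1].lower())
    return {**DEFAULTS, **found}

def findings(shadow_text, sshd_text):
    """List deviations from the four hardening steps in the message."""
    states, cfg = shadow_states(shadow_text), sshd_settings(sshd_text)
    checks = [
        (states.get("root") != "locked", "root password field is not locked"),
        (cfg["permitrootlogin"] != "no", "PermitRootLogin " + cfg["permitrootlogin"]),
        (cfg["passwordauthentication"] != "no", "PasswordAuthentication " + cfg["passwordauthentication"]),
        (cfg["port"] == "22", "sshd listens on default port 22"),
    ]
    empty = [user + " has an empty password field" for user, s in states.items() if s == "empty"]
    return empty + [msg for bad, msg in checks if bad]
if __name__ == "__main__":
    print("\n".join(findings(SAMPLE_SHADOW, SAMPLE_SSHD)))
```

A locked password field only rules out password authentication for that account, which is why the sshd settings are checked alongside it.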