Re: Root password and ssh?
Hi, > Well, you can always login via SSH as a root... if this is configured ... You can not login as root on any of my machines, you can not even login with a bare password. But everyone can use the level of security he wants. Dirk ___ Openmoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Root password and ssh?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I don't know why, but it seems, as this is just done at this time. The playlist of the mediaplayer is stored in the directory of root. Greetings Bastian Bradley Hook schrieb: | I'd have to ask why your music files and images are owned and readable | only by root. Doesn't make much sense. You don't run your media player | as root, do you? Config files should be chmod 640 to root, and certain | executables as well, but content and such should be in the arena of | normal users. And you WANT to inconvenience your users if they are | trying to do something as insecure as logging in over ssh as root. I do | hope that OM isn't set up to run everything as root by default... | | Mo Abrahams wrote: | | Except for if music files, images etc.ÿ on the phone are owned by root, | | in which case we wouldn't be able to access them via ssh. | | | | On Wed, 2008-05-14 at 09:54 -0500, Stephen Shelton wrote: | |> Why not disable login as root? Seems pretty simple, and IMO a good | practice in | |> general. I assume logging in as foo user works as normal...? | |> | | | | | | ___ | | Openmoko community mailing list | | community@lists.openmoko.org | | http://lists.openmoko.org/mailman/listinfo/community | | | | | ___ Openmoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIK2hhlYiDScJJ+7QRAkyjAKD03mocwiwjjox1SUn9oIJUy9711QCgyXHB cGUFWHjsoIPiw1nZUQ0ySDo= =OhHe -END PGP SIGNATURE- ___ Openmoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Root password and ssh?
Dirk Deimeke wrote: security costs comfort ... that is the way it is. scp file freerunner:/tmp ssh [EMAIL PROTECTED] "sudo cp /tmp/file /final/destination" Well, you can always login via SSH as a root... Then I generally use SSH using both konqueror kio and Gnome gvfs and I don't lose any comfort! -- Treviño's World - Life and Linux http://www.3v1n0.net/ ___ Openmoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Root password and ssh?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I'd have to ask why your music files and images are owned and readable only by root. Doesn't make much sense. You don't run your media player as root, do you? Config files should be chmod 640 to root, and certain executables as well, but content and such should be in the arena of normal users. And you WANT to inconvenience your users if they are trying to do something as insecure as logging in over ssh as root. I do hope that OM isn't set up to run everything as root by default... Mo Abrahams wrote: | Except for if music files, images etc. on the phone are owned by root, | in which case we wouldn't be able to access them via ssh. | | On Wed, 2008-05-14 at 09:54 -0500, Stephen Shelton wrote: |> Why not disable login as root? Seems pretty simple, and IMO a good practice in |> general. I assume logging in as foo user works as normal...? |> | | | ___ | Openmoko community mailing list | community@lists.openmoko.org | http://lists.openmoko.org/mailman/listinfo/community | | - -- ~Bradley Hook Education Systems Administrator Kansas State School for the Blind 1100 State Avenue Kansas City, KS 66102 Voice: (913) 281-3308 ext. 363 Mobile: (913) 645-9958 Facsimile: (913) 281-3104 http://www.kssb.net ** Confidentiality Statement: This message and accompanying documents are covered by the Electronic Communications Privacy Act, 18 U.S.C. 2510-2521, and contain information intended for the specified individual(s) only. This information is confidential unless explicitly indicated otherwise. If you are not the intended recipient or an authorized agent responsible for delivering it to the intended recipient, you are hereby notified that you have received this document in error and that any review, dissemination, copying, or the taking of any action based on the contents of this information is strictly prohibited. If you have received this communication in error, please notify the sender immediately by E-mail, and delete the original message. ** -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIKzNsdLuK9oP1lmYRAhJ5AKClESkNOFWFHFLAg0FP7hmY8vi7hgCffCOf j1eNnA6B51s0IBKejYaRcFA= =uHph -END PGP SIGNATURE- ___ Openmoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Root password and ssh?
On Wednesday 14 May 2008 10:58, George Brooke wrote: > On Tue, 13 May 2008 23:03:45 +0100 > > "andy selby" <[EMAIL PROTECTED]> wrote: > > You are correct, the root account on the phone has a blank password, > > Maybe part of the getting started manual could include setting up > pubkey authentication and disabling password logins (at least for the > wifi maybe they could still be allowed over usb - not sure if that's > possible). I think that the ip address is always the same to make using > eth over usb simpler - the wifi should pickup its address from dhcp (or > from a static config). > > solar.george This information is already on the wiki and has been there for a very long time. http://wiki.openmoko.org/wiki/USB_Networking#Connecting_to_phone -- Andy / ScaredyCat ___ Openmoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Root password and ssh?
Hi, > That would impede scp'ing said files... security costs comfort ... that is the way it is. scp file freerunner:/tmp ssh [EMAIL PROTECTED] "sudo cp /tmp/file /final/destination" Dirk ___ Openmoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Root password and ssh?
Aha, of course. I didn't think about it properly (I blame lack of caffeine, a problem now solved). I was thinking about it as if logging in as root was disabled altogether. On a slightly related note... what is the hostname of the phone? Can it be set or is it going to be the same for all freerunners? Personally I would like to give my phone a name in fitting with all my other computers (so far I have descartes, sartre, turing). On Wed, 2008-05-14 at 11:32 -0400, Chris Wright wrote: > 2008/5/14 Mo Abrahams <[EMAIL PROTECTED]>: > > Except for if music files, images etc. on the phone are owned by root, > > in which case we wouldn't be able to access them via ssh. > > On the contrary! > 1. Disable root login via ssh. > 2. Log in as a luser. > 3. Su to root. > > ___ > Openmoko community mailing list > community@lists.openmoko.org > http://lists.openmoko.org/mailman/listinfo/community ___ Openmoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Root password and ssh?
That would impede scp'ing said files... -- Stephen Shelton [EMAIL PROTECTED] http://www.stephenashelton.com ___ Openmoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Root password and ssh?
2008/5/14 Mo Abrahams <[EMAIL PROTECTED]>: > Except for if music files, images etc. on the phone are owned by root, > in which case we wouldn't be able to access them via ssh. On the contrary! 1. Disable root login via ssh. 2. Log in as a luser. 3. Su to root. -- http://dsource.org/projects/dmocks -- Mock objects and more for the D programming language ___ Openmoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Root password and ssh?
Except for if music files, images etc. on the phone are owned by root, in which case we wouldn't be able to access them via ssh. On Wed, 2008-05-14 at 09:54 -0500, Stephen Shelton wrote: > Why not disable login as root? Seems pretty simple, and IMO a good practice in > general. I assume logging in as foo user works as normal...? > ___ Openmoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Root password and ssh?
On Wed, May 14, 2008 at 06:34:17AM -0400, [EMAIL PROTECTED] wrote: > Well, it would take programming but I think the "correct" method of > handling this would be to either disable ssh altogether or (perferably) > only > enable it for the usb interface, and then *if* a user wants to make their > phone availble for ssh via wifi there should be an "enable ssh" > configuration > option that prompts you to set the ssh password. That way the vast majority > of > consumer users never have to worry about ssh being enabled or not and > there's no default password to the phone to make it look bad security-wise. > > - Michael > > On Wed, 14 May 2008, George Brooke wrote: > >> On Tue, 13 May 2008 23:03:45 +0100 >> "andy selby" <[EMAIL PROTECTED]> wrote: >> >>> You are correct, the root account on the phone has a blank password, >> >> Maybe part of the getting started manual could include setting up >> pubkey authentication and disabling password logins (at least for the >> wifi maybe they could still be allowed over usb - not sure if that's >> possible). I think that the ip address is always the same to make using >> eth over usb simpler - the wifi should pickup its address from dhcp (or >> from a static config). >> >> solar.george Why not disable login as root? Seems pretty simple, and IMO a good practice in general. I assume logging in as foo user works as normal...? -- Stephen Shelton [EMAIL PROTECTED] http://www.stephenashelton.com >> >> ___ >> Openmoko community mailing list >> community@lists.openmoko.org >> http://lists.openmoko.org/mailman/listinfo/community >> >> > > ___ > Openmoko community mailing list > community@lists.openmoko.org > http://lists.openmoko.org/mailman/listinfo/community ___ Openmoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Root password and ssh?
Well, it would take programming but I think the "correct" method of handling this would be to either disable ssh altogether or (perferably) only enable it for the usb interface, and then *if* a user wants to make their phone availble for ssh via wifi there should be an "enable ssh" configuration option that prompts you to set the ssh password. That way the vast majority of consumer users never have to worry about ssh being enabled or not and there's no default password to the phone to make it look bad security-wise. - Michael On Wed, 14 May 2008, George Brooke wrote: On Tue, 13 May 2008 23:03:45 +0100 "andy selby" <[EMAIL PROTECTED]> wrote: You are correct, the root account on the phone has a blank password, Maybe part of the getting started manual could include setting up pubkey authentication and disabling password logins (at least for the wifi maybe they could still be allowed over usb - not sure if that's possible). I think that the ip address is always the same to make using eth over usb simpler - the wifi should pickup its address from dhcp (or from a static config). solar.george ___ Openmoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community ___ Openmoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Root password and ssh?
On Tue, 13 May 2008 23:03:45 +0100 "andy selby" <[EMAIL PROTECTED]> wrote: > You are correct, the root account on the phone has a blank password, Maybe part of the getting started manual could include setting up pubkey authentication and disabling password logins (at least for the wifi maybe they could still be allowed over usb - not sure if that's possible). I think that the ip address is always the same to make using eth over usb simpler - the wifi should pickup its address from dhcp (or from a static config). solar.george ___ Openmoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
Re: Root password and ssh?
> am i right in thinking that the root account on the openmoko has no > password - if so is that not quite a large security hole what with wifi > and sshd being enabled, or is sshd only available over usb? You are correct, the root account on the phone has a blank password, Since no one has wifi on their neo at the moment its not a problem. I tried changing the password with the passwd command (I'm using qtopia rootfs), it seemed to work but it still let me in with a blank password, in fact it let me in when I typed in_any_password! A worrying development if all neos have the same ip address, hopefully this will be fixed on the freerunner. ___ Openmoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community
