Problem: No password-free remote 'root' login possible

Problem: No password-free remote 'root' login possible

Post by Holger Kausch KS/IK 58a/1/27 #436 » Sat, 30 Sep 1995 04:00:00



Hello,

I have a problem administrating Linux-PCs via the network:

        Everytime I login as 'root' on a Linux PC (Slackware 2.2,
        kernel 1.2.13, shared libs 4.6.27), I have to enter a password
        via the net - this is not acceptable!
        I did not find a way for 'root' to bypass it ($HOME/.rhosts,
        /etc/hosts.equiv don't work!).
        It would be very helpfull to fix this problem because in our
        Linux/Sun-OS network centralized administrator machines are installed,
        from which 'root' can login on any other workstation without password
        input - just Linux currently doesn't supports it!

Thank's!


PS: Address is wrong - I know, thank you!
    I will fix it, when I have the time!!!

 
 
 

Problem: No password-free remote 'root' login possible

Post by Jude Charles Giampao » Sun, 08 Oct 1995 04:00:00




Quote:

>         Everytime I login as 'root' on a Linux PC (Slackware 2.2,
>         kernel 1.2.13, shared libs 4.6.27), I have to enter a password
>         via the net - this is not acceptable!
>         I did not find a way for 'root' to bypass it ($HOME/.rhosts,
>         /etc/hosts.equiv don't work!).
>         It would be very helpfull to fix this problem because in our
>         Linux/Sun-OS network centralized administrator machines are installed,
>         from which 'root' can login on any other workstation without password
>         input - just Linux currently doesn't supports it!

Let me see if I have this right. Its better to be able to log in as root
without using a password than it is to send the password out over then
network? I really don't think that's a great idea. If I sen the password
out someone will have to sniff the trafic and put the password back
together. OK, that's really not that hard. But in the other case I just
pretend to be the administration machine and BANG! I'm root everywhere.
There's got to be a better way.

--
Jude Giampaolo              Case Western Reserve University
Electrical Engineering      'There's not much to see actually,
and Applied Physics         we're inside a Chinese dragon...'

WWW==>    http://prozac.student.cwru.edu/jude/JudeHome.html

 
 
 

Problem: No password-free remote 'root' login possible

Post by merc » Mon, 09 Oct 1995 04:00:00



Quote:>>         Everytime I login as 'root' on a Linux PC (Slackware 2.2,
>>         kernel 1.2.13, shared libs 4.6.27), I have to enter a password
>>         via the net - this is not acceptable!

>Let me see if I have this right. Its better to be able to log in as root
>without using a password than it is to send the password out over then
>network? I really don't think that's a great idea. If I sen the password
>out someone will have to sniff the trafic and put the password back
>together. OK, that's really not that hard. But in the other case I just
>pretend to be the administration machine and BANG! I'm root everywhere.
>There's got to be a better way.

I do not understand your remark. You can not pretend to be what you are not.
The question implies that you are root AND root of a specific machine, that
is allowed to connect as root on another machine. Obviously, the characteristics
of that machine is known. I do not believe it is possible to simulate the
allowed machine ( IP address and the rest ) without it being immediately detected.
Any idea around... ?
 
 
 

Problem: No password-free remote 'root' login possible

Post by Gary Hest » Mon, 09 Oct 1995 04:00:00



=>>         Everytime I login as 'root' on a Linux PC (Slackware 2.2,
=>>         kernel 1.2.13, shared libs 4.6.27), I have to enter a password
=>>         via the net - this is not acceptable!

=>Let me see if I have this right. Its better to be able to log in as root
=>without using a password than it is to send the password out over then
=>network? I really don't think that's a great idea.  [ ... ]

=I do not understand your remark. You can not pretend to be what you are not.

In the above case, one certainly can.

=The question implies that you are root AND root of a specific machine, that
=is allowed to connect as root on another machine. Obviously, the characteristics
=of that machine is known. I do not believe it is possible to simulate the
=allowed machine ( IP address and the rest ) without it being immediately detected.

You are incorrect. This is called "spoofing" and is a serious problem.
I would never allow a network I was responsible for to permit a root
priviledge login without the entry of a password unless the network was
completely physically secure (and even then I'd worry about it). With
currently available software, it's possible to change the hardware address
associated with a computer. Altering the configuration to use a different
IP address is trivial. Attach a rogue system to a network, trap the
hardware address of the system you want to spoof, configure the rogue
to match, and you're in as root on the target system in seconds.

And this type of thing can go on for quite a while undetected. It only
takes a minute to set up a suid shell, then break the spoofed connection
and go to work on the target, doing whatever infantile damage the
intruder wishes.

=Any idea around... ?

Just take the root passwords off your systems. That way, you'll be able
to save those few seconds when you log in. You can remember them when
you spend hours cleaning up the mess.

If Linux doesn't allow what you're trying to do, I consider that to be
a mark in Linuxs' favor.

Gary

--

   The Chairman of the Board and the CFO speak for SCI. I'm neither.
"Quit while you're ahead. All the best gamblers do."  Baltasar Gracian

 
 
 

1. 'failed running login shell' no non-root user login possible

Hello,

I did a fresh installation of AIX 4.3.3.0 on a R6000.

Everything seemed to work out fine and the system is up and running.

Unfortunately a successful login (on console or via telnet) is only
possible for the root-account.
For any other user the password is correctly verified and the login
process is starting (displaying AIX welcome screen) but it terminates
and closes immediately with the message 'failure running login shell'.

As far as I could imagine possile problems I checked access-permissions
on /home /tmp and the shell executable but everything looks alright...

If this problem seems familiar to anybody I would be happy to hear some
suggestions for solving it.

Cheers,
Chris

2. Howto Change Resolution in Linux e.g. fr 640X480 to 800X600 etc...

3. is it possible to change the 'root' login name?

4. Help: login banner reappears with every keystroke

5. What is the difference between 'login: root' and 'su -' ?

6. Setting up Network Audio System (NAS)

7. Turning off Job Control in ksh

8. What 'LOGIN-root' means in 'sulog'?

9. I changed root's shell and doesn't login as root

10. Free as in 'Freedom' not 'Free Beer'

11. Can't set root password- Password busy error -is not due to temp password file

12. Problem installing linux (login as 'root')