Linux – root accepts any password : how to change to a real password

linux password root ssh

I have an old Linux system which can be accessed via a public IP address.

When you connect to the SSH port you can log in as root with any password.
The only restriction is that the password needs to be at least 1 character long.

In the (far) past, when this system was developed, this was ok as the system was always behind a dialup modem which had its own authentication.

For a few years now the system has been connected via ADSL and has a public IP address (no VPN) … miraculously no one ever bothered with the SSH port … until last week …

Last week a Chinese IP address connected through the SSH port, logged in with the root account, changed some system settings (including the root password), and logged out … I could see this in /var/log/messages which I could retrieve via another port.

How can I set a real password for the root account?

I tried to set it using the passwd command giving a new password, but after that I could still log in with any random password (before and after a reboot).

In /etc/shadow it says the following about the root account:

root:8ZGWAPs9N9EJQ::::::

In /etc/ssh/sshd_config I see the following line commented out:

#PermitRootLogin yes

As "yes" is the default value I see nothing wrong with that.

Some info about the system:

login shows:

BusyBox v1.00-pre9 (2004.07.09-11:06+0000) Built-in shell (ash)

cat /proc/version gives:

Linux version 2.4.31 (<emailaddress>) (gcc version 3.3.2 20031022 (Red Hat Linux 3.3.2-1)) #4 Thu Sep 22 09:13:06 CEST 2005

I have now closed the SSH port in the ADSL modem firewall, so it cannot be accessed remotely anymore, which gives me some time to solve this issue.

I would like to give the root account a real password which has to be used with any SSH connection, preferably without having to reset the system.

I believe this is possible as the system wasn't rebooted last week and all processes were still running, but I couldn't log in to the root account anymore with any password.

[EDIT]

As pingz suspected, this seems to be caused by nullok in /etc/pam.d/system-auth.

Is it possible to edit this file and load the new settings without having to stop any running processes?

The first lines of /etc/pam.d/system-auth show:

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.

If I now remove nullok from this file, and somewhere in the future the system is rebooted, will nullok be back, or will my change remain?

Best Answer

There is a way to disable the user password: the nullok module in PAM.

Check this link for more information:

http://www.cyberciti.biz/tips/linux-or-unix-disable-null-passwords.html

If that is your case, just change this bizarre configuration.

====================================================

As for your further questions: any changes to PAM configuration files take effect instantly, which may cause you to be locked out of the system by mistake. So RHEL provides the authconfig/authconfig-tui tools to do it, as the comments say. If you run it, it will reset the config for you. Check the authconfig man page before running it.
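
A read-only check for the condition discussed above, as an added example that is not part of the original question or answer: it lists active pam_unix lines carrying nullok in a PAM directory and the accounts with an empty password field in a shadow-format file. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit PAM and shadow files for null-password acceptance.
# Paths are parameters, so the check can also run against copies of the files.

# Print "file:line:text" for every active pam_unix line that carries nullok.
find_nullok() {
    pam_dir=$1
    for f in "$pam_dir"/*; do
        [ -f "$f" ] || continue
        awk -v file="$f" '
            /^[ \t]*#/ { next }          # commented-out lines are not in effect
            /pam_unix/ {
                for (i = 1; i <= NF; i++)
                    if ($i == "nullok") { print file ":" NR ":" $0; break }
            }' "$f"
    done
}

# Print the accounts whose password field (field 2) is empty.
find_empty_passwords() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# Constructed sample input (not taken from the system in the question).
make_sample() {
    mkdir -p "$1/pam.d"
    cat > "$1/pam.d/system-auth" <<'EOF'
#%PAM-1.0
auth        required      pam_env.so
auth        sufficient    pam_unix.so likeauth nullok
# auth      sufficient    pam_unix.so nullok
password    sufficient    pam_unix.so nullok use_authtok md5 shadow
account     required      pam_unix.so
EOF
    cat > "$1/shadow" <<'EOF'
root:CONSTRUCTEDHASH::::::
operator:::::::
daemon:*:::::::
EOF
}

# Usage: sh audit.sh /etc/pam.d /etc/shadow
if [ $# -eq 2 ]; then
    find_nullok "$1"
    find_empty_passwords "$2"
fi
```

Because the header of system-auth says authconfig regenerates the file, repeat the check after any authconfig run.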