Wednesday, 21 January 2015

removing `nullok` from system-auth prevents any root password


On an old system the root account accepts any password, as long as it's not empty.


In the past (more than 10 years ago) this wasn't a problem as the system was behind a dial-up modem with its own authentication ... but for a few years now the system has been reachable via a public IP address.


Miraculously no one ever bothered with its SSH port, until last week.


Someone (Chinese IP address) logged in as root, changed some system settings and logged out.


I restored the system from a backup, and changed the SSH port so that it can't be reached through the ADSL modem anymore to give me some time to solve this problem.


The problem seems to be in `/etc/pam.d/system-auth`:



```
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so likeauth nullok
auth required /lib/security/pam_deny.so

account required /lib/security/pam_unix.so

password required /lib/security/pam_cracklib.so retry=3
password sufficient /lib/security/pam_unix.so nullok use_authtok md5
password required /lib/security/pam_deny.so

session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
```


When I change



```
auth sufficient /lib/security/pam_unix.so likeauth nullok
```


to



```
auth sufficient /lib/security/pam_unix.so likeauth
```


then the root account doesn't accept any random password anymore, but it doesn't accept my configured password either.


Before, and after, changing system-auth I set the root password via the password command. I was surprised I didn't have to enter an old password, but could just give the new password (2 times).


After changing the password I got the answer "Password changed" but I could not log in via SSH with the new password.


Do I have to set the root password somewhere else? Or does removing nullok completely block the root account via SSH?
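
An added example, not part of the original post: according to the pam_unix documentation, `nullok` only lets the module accept accounts whose password field is blank, so a first check on a stack like the one quoted above is to list the pam_unix rules that carry it and the accounts it can affect. The shadow contents, account names and function names below are assumptions constructed for illustration.

```python
import os
import re

# Constructed inputs: the rule lines of the system-auth file quoted in the post,
# and an invented shadow file (account names and hash placeholder are made up).
SYSTEM_AUTH = """\
#%PAM-1.0
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so likeauth nullok
auth required /lib/security/pam_deny.so
account required /lib/security/pam_unix.so
password required /lib/security/pam_cracklib.so retry=3
password sufficient /lib/security/pam_unix.so nullok use_authtok md5
password required /lib/security/pam_deny.so
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
"""
SHADOW = """\
root:$1$PLACEHOLDER$PLACEHOLDER:16456:0:99999:7:::
backup::16456:0:99999:7:::
daemon:*:16456:0:99999:7:::
"""

# type, control (plain word or [bracketed] form), module path, optional arguments
RULE = re.compile(r"^(-?\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def parse_pam(text):
    """Yield (lineno, type, control, module, args) for every rule line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        m = RULE.match(raw.split("#", 1)[0].strip())
        if m:
            kind, control, module, args = m.groups()
            yield lineno, kind.lstrip("-"), control, os.path.basename(module), args.split()

def nullok_rules(text):
    """pam_unix rules that carry nullok, i.e. that tolerate an empty password field."""
    return [(n, kind, control) for n, kind, control, module, args in parse_pam(text)
            if module == "pam_unix.so" and "nullok" in args]

def empty_password_accounts(shadow_text):
    """Account names whose shadow password field is empty (the accounts nullok affects)."""
    return [f[0] for f in (l.split(":") for l in shadow_text.splitlines())
            if len(f) > 1 and f[1] == ""]

if __name__ == "__main__":
    for n, kind, control in nullok_rules(SYSTEM_AUTH):
        print(f"line {n}: {kind} {control} pam_unix.so has nullok")
    print("empty password field:", empty_password_accounts(SHADOW))
```

On a live system the same functions can be fed the contents of `/etc/pam.d/system-auth` and `/etc/shadow`, read as root.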


