From owner-freebsd-questions Sat Mar 16 15:42:15 2002
From: "GB"
Subject: An idiot, his box, and a security question
Date: Sat, 16 Mar 2002 17:45:19 -0600
Message-ID: <002d01c1cd44$a2307740$0301a8c0@CITYMOUSE>
Sender: owner-freebsd-questions@FreeBSD.ORG

Folks, three quick questions (probably simple ones) are at bottom, but I felt like I had to provide some background:

BACKGROUND:

I have a FreeBSD box working (excellently, I might add!) as a qmail toaster via the instructions posted at http://matt.simerson.net/computing/qmail.toaster.shtml . I couldn't quite get things to work on my own, so I hired a TUG (Trusty Unix Guy) to come in via SSH and make some fixes. In the name of security, he made some changes, per the snipped e-mail below:

* * * * (begin snippet)

I changed /etc/ssh/sshd_config. I changed PermitRootPasswords from "yes" to "without-password". If you want to log in as root with that, you'll have to set up ssh key based authentication.

I've also removed the root password. That means you can walk up to the console and login as root with no password. You're welcome to change that. Currently with the sshd config root can't log in without a RSA or DSA key. Man ssh for more info on key based authentication.

You can also delete my account if you want to revoke my access. If you do so, you'll also want to remove me from the sudoers file (visudo).

Try not to use your root stick. Attempt to never log in as root. When you need root, use sudo (I set you up already).

(end snippet) * * * *

THREE DON'T-KNOW-NUTHIN'-ABOUT-SSH QUESTIONS:

* When attempting to login at "root" and just hitting ENTER at the password prompt, I can't get in. Am I missing something about his "no password required for root" comment?

* Because I can't log in as root, any root-like changes I want to make would have to be made via sudo. What commands would I issue from the command line to change my root password back to what it was before?

* When I attempt to telnet into the machine (from within or outside of my own LAN), I'm immediately prompted with "User Access Verification" and a Password prompt. No known passwords for the machine work. I thought this was particularly odd, since the box wasn't asking for a login, only a password.

I like the idea of being very secure, yet I admit the man SSH pages left me confused. At this point, I'd be happy if I could:

* Telnet into my machine and execute commands as root via sudo
* Actually login as root while sitting at the machine so I could make broad changes, install/delete ports, etc.

Many, MANY thanks!

Greg B.

- - - - - - - - - - -
"... I'm rapidly climbing the ladder from FreeBSD idiot to FreeBDS moron. Wanna watch?" -- Greg B., 02/1/02
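
The two states described in the quoted snippet (sshd refusing password logins for root, and root's password field being emptied) can be read straight from the files. The script below is an added example, not part of the original message or the consultant's work; it assumes OpenSSH's PermitRootLogin keyword and FreeBSD's master.passwd field layout, and all sample file contents are constructed.

```sh
# Added example: report how root can authenticate, from sshd_config and
# master.passwd text read on stdin. All sample data below is constructed.

# Constructed sshd_config fragment (assumes the OpenSSH keyword PermitRootLogin).
sample_sshd_config() {
    cat <<'EOF'
# PermitRootLogin yes
Protocol 2
permitrootlogin without-password
EOF
}

# Constructed master.passwd line; field 2 is the password hash (empty here).
sample_master_passwd() {
    cat <<'EOF'
root::0:0::0:0:Charlie &:/root:/bin/csh
EOF
}

# First uncommented PermitRootLogin value wins; keywords are case-insensitive.
root_login_mode() {
    awk '/^[ \t]*#/ { next }
         tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
         END { if (!found) print "unset" }'
}

# empty = no password needed, locked = field starts with "*", set = has a hash.
root_password_state() {
    awk -F: '$1 == "root" {
                 if ($2 == "") print "empty"
                 else if (substr($2, 1, 1) == "*") print "locked"
                 else print "set"
                 found = 1; exit
             }
             END { if (!found) print "missing" }'
}

# $1 = PermitRootLogin mode, $2 = root password state.
assess() {
    case "$1" in
        yes) echo "ssh: root may log in with a password" ;;
        without-password) echo "ssh: root needs a key; passwords are refused" ;;
        *) echo "ssh: PermitRootLogin is '$1'" ;;
    esac
    case "$2" in
        empty) echo "passwd: root has an empty password field" ;;
        *) echo "passwd: root password state is '$2'" ;;
    esac
}
assess "$(sample_sshd_config | root_login_mode)" "$(sample_master_passwd | root_password_state)"
```

On a live system the same functions take the real files on stdin, for example `sudo cat /etc/master.passwd | root_password_state`.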