(11-01-2019, 07:07 PM)gibby Wrote: Hi all,
I just wanted to mention a security issue I noticed today when I finally got to play with my new PBP.
It appears that SSH is enabled on startup, and that root access via ssh enabled by default.
With the default un/pw being root/root, this is definitely not recommended.
For those not familiar, you can simply issue this command from another linux machine:
ssh {your PBP ip address here} -l root
Once logged in as root (either remotely or locally) you can modify your ssh config:
vi /etc/ssh/sshd_config
On line 32, you will see:
PermitRootLogin yes
Change to:
PermitRootLogin no
Save the changes to sshd_config
If you are doing this remotely, close the session by issuing:
exit
Open a terminal locally on your PBP and restart the ssh service:
sudo systemctl stop sshd
sudo systemctl start sshd
Now if you try to ssh directly to the root account, you will be denied, however, you can sudo your way to root from a sudoers account.
If you don't use ssh normally, you can disable automatic sshd startup:
sudo systemctl disable sshd
If you have disabled ssh on startup, you will have to start it manually to use it:
sudo service ssh start
I would suggest you change the password for both root and your standard user. Make them strong
I would also suggest that if you're going to run around with SSH enabled, you create a separate non-sudoer user for use with ssh, and deny ssh access to your sudoer accounts (unless you really need that level of remote control).
I'm really enjoying this little machine so far.
Cheers!
It looks my pinephone does NOT come with SSH enabled?
Welcome to Longer Vision
https://www.longervision.ca
https://www.longervision.ca
