
RE: [cobalt-security] SSH RSA Authentication on Raq2



Rod,

By the sounds of things this is not a synchronisation issue. It's a
simple yet funky Linux security feature that has been included at
compile time by those kooky folks at Cobalt.

The feature indicates to login that only members of the 'wheel' group
may su to root. This includes the groups 'wheel' and 'root'.

There are three ways to fix this, two of which may void your warranty.
	1. LOGIN as 'admin' then SU to 'root'. (su reads your id from login
          so you cannot su from <user> to admin then su to root).
	2. Add your user to the wheel group [MAY VOID WARRANTY]
	3. Add the following text to your /etc/login.defs file:

Adding this text to login.defs may void your Cobalt Warranty!!!!!
<-- Begin cut /etc/login.defs -->

#
# If "yes", the user must be listed as a member of the first gid 0 group
# in /etc/group (called "root" on most Linux systems) to be able to "su"
# to uid 0 accounts.  If the group doesn't exist or is empty, no one
# will be able to "su" to uid 0.
#
SU_WHEEL_ONLY   no

<-- End cut /etc/login.defs -->

The above option in /etc/login.defs SHOULD allow ALL users, with telnet
access, the ability to SU to 'root' (as long as they know the password).

<SOAPBOX> All this said, I still, personally, believe that the option
should remain as-is so that only admin can su to root. This means that
if anyone is thinking of making any major changes, they do have to
think about it first because it's not convenient. </SOAPBOX>

> -----Original Message-----
> From: cobalt-security-admin@xxxxxxxxxxxxxxx on Behalf Of Rod Todd
> Sent: Friday, 26 May 2000 20:28
> Subject: RE: [cobalt-security] SSH RSA Authentication on Raq2
> 
> We can su to admin, but not root.  Can we fix this by
> hitting the reset button on the Raq; are root and
> admin always the same after hitting the button but
> then they can be changed to be different passwords
> later?

Regards,

Michael Kovalik
Senior Network Engineer
Virtual Internet Australia
Mobile: +61 (0)404 888 443

------------------------------------------------------------
 Virtual Internet, the Virtual Internet Seal of Quality and
 other Marks are Copyright C 1996-2000. All Rights Reserved
------------------------------------------------------------
Views or opinions expressed by an individual within this 
email may not necessarily reflect the views of Virtual Internet
or its associated companies.
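
An added example, not part of the original message and not Cobalt's code: a Python check that applies the rule stated in the login.defs comment quoted above, to see which accounts can su to uid 0 before and after changing the option. The sample file contents and function names are constructed for illustration; an unset key is reported as undetermined because the outcome then depends on the build's compiled-in default.

```python
"""Audit who may `su` to uid 0 under the SU_WHEEL_ONLY rule quoted above."""

# Constructed sample inputs (not taken from a real RaQ).
SAMPLE_LOGIN_DEFS = """\
# constructed sample
PASS_MAX_DAYS   99999
SU_WHEEL_ONLY   yes
"""
SAMPLE_GROUP = """\
root:x:0:admin
users:x:100:rod,site1
"""


def su_wheel_only(login_defs_text):
    """Return 'yes', 'no', or None when the key is not set in the file."""
    value = None
    for line in login_defs_text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank line or comment
        fields = stripped.split()
        if len(fields) >= 2 and fields[0] == "SU_WHEEL_ONLY":
            value = fields[1].lower()  # assumption: last occurrence wins
    return value


def first_gid0_members(group_text):
    """Members of the first gid 0 group in /etc/group, or None if absent."""
    for line in group_text.splitlines():
        parts = line.strip().split(":")
        if len(parts) >= 4 and parts[2] == "0":
            return [m for m in parts[3].split(",") if m]
    return None


def may_su_to_root(user, login_defs_text, group_text):
    """True/False per the quoted comment; None when the key is unset."""
    setting = su_wheel_only(login_defs_text)
    if setting is None:
        return None  # depends on the build's compiled-in default
    if setting != "yes":
        return True  # any user who knows the root password
    members = first_gid0_members(group_text)
    # Missing or empty gid 0 group: no one may su to uid 0.
    return bool(members) and user in members
```

To audit a live system, pass the contents of /etc/login.defs and /etc/group to `may_su_to_root` for each account with shell access.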