Cannot change default root password after Open SSh install - maemo.org

drangina | # 1 | 2010-05-20, 19:26 | Report

I installed Open SSH server and client. During installation i did not set any password. I just let it install like this.

Then through X term i tried to change a new password and it shows succeeded. i tried three times with new password with success

Now when i am trying to log in through winscp it cannot log me in with new password but when i try to log in with default password 'rootme' it logs me in.
I even reinstalled Open SSH but this time it did not ask me for any password during installation.

What is the solution?

Pretoriano | # 2 | 2010-05-20, 20:27 | Report

I don't know if i'm understanding, but if you want to change the root password, enter as root in terminal and type "passwd"

drangina | # 3 | 2010-05-20, 21:04 | Report

alright i solved it
earlier i was changing user password only by typing

passwd user

but when i typed
passwd root

it gave me option to change my root password.

rich c | # 4 | 2010-05-20, 21:36 | Report

Personally, I disallow remote root logins. Much better to login as user and then become root. From a security point of view.

drangina | # 5 | 2010-05-21, 13:20 | Report

Originally Posted by rich c View Post

Personally, I disallow remote root logins. Much better to login as user and then become root. From a security point of view.

Can you explain how can i log in through SSH as user not as root

bmouring | # 6 | 2010-05-21, 21:09 | Report

Originally Posted by drangina View Post

Can you explain how can i log in through SSH as user not as root

Some basic steps and their reasons:

Add a password for the user account ("user"), it sounds like you may have already done this, you may want to have a different password than the root password, however.
Code:
```
//as root
passwd user
//enter a new password
```
Open and edit the sshd configuration file (exists at /etc/ssh/sshd_config)
Here, we want to either disallow root logins:
Code:
```
...
PermitRootLogin yes
...
//Change this to "no" to prevent root logins
```
... or specifically spell out which users are allowed to login
Code:
```
...
AllowUsers user
//This line doesn't exist in the installed config file, so it'd need to be added
...
```
Either of these (or both) should net what you want.
Once you've made the changes, restart the sshd daemon, eitehr by using the handy sshd status application or, again, as root
Code:
```
/etc/init.d/ssh restart
```

That should get you on your way.

The Following 2 Users Say Thank You to bmouring For This Useful Post:
drangina, rich c

giannoug | # 7 | 2010-05-21, 21:11 | Report

The user account can simply become root by typing sudo gainroot, so I don't think that it is a big security hole

The intruder can see your files in user and root accounts.