Active Topics
-
How many of you still use N900 as main phone? (595)
to Community by deutch1976 - 2 days, 2 hrs ago -
Big news (7)
to OS2008 / Maemo 4 / Chinook - Diablo by endsormeans - 3 days, 11 hrs ago -
Firefox with Leste (8)
to Maemo 7 / Leste by endsormeans - 3 days, 11 hrs ago -
Which is the best N95? What software modifications could be made to it? (3)
to General by Kalatti - 6 days, 12 hrs ago -
Installing CSSU Stable in year 2024 (2)
to Maemo 5 / Fremantle by teroyk - 6 days, 19 hrs ago - more...
|
2010-04-17
, 08:56
|
|
Posts: 2,802 |
Thanked: 4,491 times |
Joined on Nov 2007
|
#2
|
Originally Posted by joschum
Remote root logins are already allowed, so no (unless your user password is really weak).
Is this a security risk?
|
|
2010-04-17
, 08:56
|
|
Posts: 2,102 |
Thanked: 1,937 times |
Joined on Sep 2008
@ Berlin, Germany
|
#3
|
Yes it is, but only for the user account. But every little security hole in an application might widen that gap a little.
Why didn't you just give user a password?
As root:
Why didn't you just give user a password?
As root:
Code:
passwd user
|
|
2010-04-17
, 09:08
|
|
Posts: 1,341 |
Thanked: 708 times |
Joined on Feb 2010
|
#4
|
It is almost as (un)safe if one just ssh in as root.
You have probably gainroot installed, so getting user access means root access also.
Actually having two passwords which either one leads to root access is less secure than having only one.
You have probably gainroot installed, so getting user access means root access also.
Actually having two passwords which either one leads to root access is less secure than having only one.
|
|
2010-08-05
, 20:21
|
|
Posts: 25 |
Thanked: 27 times |
Joined on Oct 2009
@ Amsterdam
|
#5
|
Using a plain password on a Maemo device is vulnerable.
It does not use shadow password files and the default crypto is a very weak Traditional DES encryption which is very easy to break. Since passwords are limited to max 8 characters it also does not matter how large or 'strong' you make your passwords.
/etc/passwd is readable for everybody, so basically anyone that can get a hold of your device for 5 mins can email/copy the passwd file and use a bruteforce cracker to find your passwords in a matter of hours.
The only thing that I could recommend is keeping your /etc/passwd file empty (aka do not use passwd) and instead copy your ssh public key to the device and use that for logging in remotely.
p.s. sorry for bumping this thread... forum uses MM-DD-YYYY which is extremely confusion....
It does not use shadow password files and the default crypto is a very weak Traditional DES encryption which is very easy to break. Since passwords are limited to max 8 characters it also does not matter how large or 'strong' you make your passwords.
/etc/passwd is readable for everybody, so basically anyone that can get a hold of your device for 5 mins can email/copy the passwd file and use a bruteforce cracker to find your passwords in a matter of hours.
The only thing that I could recommend is keeping your /etc/passwd file empty (aka do not use passwd) and instead copy your ssh public key to the device and use that for logging in remotely.
p.s. sorry for bumping this thread... forum uses MM-DD-YYYY which is extremely confusion....
|
|
2010-08-05
, 20:43
|
|
Posts: 486 |
Thanked: 251 times |
Joined on Oct 2009
|
#6
|
Originally Posted by trbs
Actually, it uses MM-DD-YY (two digit year) which is even more than extremely confusing. The only date order unambiguous world wide is YYYY-MM-DD
p.s. sorry for bumping this thread... forum uses MM-DD-YYYY which is extremely confusion....
__________________
The Mini-USB plug is an improvement over both the Type B plug and the Micro-B plug.
The Mini-USB plug is an improvement over both the Type B plug and the Micro-B plug.
|
|
2010-08-07
, 00:20
|
|
Posts: 486 |
Thanked: 251 times |
Joined on Oct 2009
|
#8
|
Originally Posted by kureyon
Thank you, but I do not see any option that provides ISO 8601 date order, which besides being an international standard, is the only date order that sorts sensibly, and the only order that is unambiguous worldwide, because, as far as I know, no one uses YYYY-DD-MM
You can change the date display format your control panel settings.
__________________
The Mini-USB plug is an improvement over both the Type B plug and the Micro-B plug.
The Mini-USB plug is an improvement over both the Type B plug and the Micro-B plug.
|
|
2010-08-07
, 01:59
|
|
Posts: 540 |
Thanked: 387 times |
Joined on May 2009
|
#9
|
It's not ideal but if you need to run something as user:
Code:
[someuser@desktop:~]$ ssh root@<NokiaIP> [root@N**0:~]# su - user [user@N**0:~]
__________________
{ https://sites.google.com/site/maemo4repo/home }
{ https://sites.google.com/site/maemo4repo/home }
|
|
2010-08-08
, 07:44
|
|
Posts: 671 |
Thanked: 1,630 times |
Joined on Aug 2010
|
#10
|
Originally Posted by j.s
I use it.
Thank you, but I do not see any option that provides ISO 8601 date order, which besides being an international standard, is the only date order that sorts sensibly, and the only order that is unambiguous worldwide, because, as far as I know, no one uses YYYY-DD-MM
The people I work with use it.
But not on the n900.
Nokia deliberately left this out of the n900.
If you do manage to get ISO8601 working in a hack,
it will brick your device permanently.
to establish a connection to the N900 from my laptop I configured usb-networking as described here:
http://wiki.maemo.org/N900_USB_Networking
ssh root@N900 works fine.
To make
ssh user@N900
working I had to unlock the user-account with
usermod -U user
Is this a security risk?