Default root password = major security risk

Rick_B3
Posts: 2
Joined: 29 Dec 2012, 11:58

Default root password = major security risk

Post by Rick_B3 » 01 Feb 2013, 08:04

The B3 manual says "A SSH connection will be available on the WAN port using username: ‘root’, password: ‘excito’."

If you have the ssh port open, on your firewall, to permit remote ssh access, you surely need to be able to change the root password from the default (excito). Otherwise your B3 is open to the world, to use the published default password, to steal data from the box and mess it up generally.

I can't find anywhere in the documentation where it tells one how to change the root password to one of your own creation. Does anyone know how to change the root password on a B3 please?

RandomUsername
Posts: 904
Joined: 09 Oct 2009, 18:49

Re: Default root password = major security risk

Post by RandomUsername » 01 Feb 2013, 15:38

This is only when talking about booting into a rescue system is it not? Otherwise, directly logging in as root is disabled by default on all interfaces.

Also, if you don't know how to do something as simple as change a password (hint: use the command "passwd") you should probably avoid logging into SSH until you read up on the basics.

nobody
Posts: 226
Joined: 10 Mar 2012, 14:46

Re: Default root password = major security risk

Post by nobody » 01 Feb 2013, 17:12

Before you get all excited, remember that root is not allowed to log in! You need a regular username and passwd first AND you need to specifically allow that user SSH access. Anyone clever enough to do this knows she should change the root pw. Which is something you can do from the command line.

In short, the security model is pretty good, even with a default ssh password.
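The replies above rest on two settings: root cannot log in over SSH, and ordinary users must be allowed explicitly. The following check is an added example, not part of any post in this thread and not Excito's code; it assumes the box runs OpenSSH's sshd, and the sample configuration is constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Reads sshd_config text on stdin and
# reports the two settings the replies rely on. Assumes OpenSSH syntax.
# Only the global section is read: parsing stops at the first Match block.
# "Keyword=value" lines are not handled.
audit_sshd_config() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }     # skip comments and blank lines
        { key = tolower($1) }              # keywords are case-insensitive
        key == "match" { exit }            # stop reading, jump to END
        key == "permitrootlogin" && root == "" { root = tolower($2) }  # first value wins
        key == "allowusers" {              # repeated AllowUsers lines accumulate
            for (i = 2; i <= NF; i++) users = users (users == "" ? "" : " ") $i
        }
        END {
            if (root == "") root = "unset"
            print "PermitRootLogin=" root
            print "AllowUsers=" (users == "" ? "unset" : users)
            if (root == "yes") {
                # AllowUsers may still exclude root; the directive itself is weak.
                print "WARN: PermitRootLogin yes permits root password login; change the default root password"
                exit 1
            }
            if (root == "unset") {
                print "CHECK: root login depends on the default of this OpenSSH version"
                exit 2
            }
            # no, without-password, prohibit-password, forced-commands-only
            print "OK: root password login over SSH is refused"
        }
    '
}

# Constructed sample configuration, not taken from a B3.
audit_sshd_config <<'EOF'
# sshd_config (constructed sample)
Port 22
PermitRootLogin no
AllowUsers alice
EOF
```

On a live system, `sshd -T | audit_sshd_config` (run as root) feeds the function the effective configuration rather than the file contents. Whatever it reports, `passwd` run as root replaces the published default password.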
