On Thu, Mar 2, 2017 at 6:22 PM Kurt Talke <[email protected]> wrote:
> Hi, > > I’m wondering why logging in over ssh as root is not longer possible on > the latest BBB image. For installing embedded lab view, I need to be able > to log in as root. > > I tried changing the root password, which actually shows properly in > /etc/shadow, but I’m still unable to ssh in as root even with the new > password. Is there any way to alter this? > It is a basic security step. You'll need to ssh in using the debian user (with temppwd password), then use 'sudo su -' (typing the password again). To alter it, as root: sed -e "s/^PermitRootLogin without-password/PermitRootLogin yes/" -i /etc/ssh/sshd_config systemctl restart sshd Maybe we can align on a better way to install the labview service? Can an installer be copied over to the debian user account and then installed using 'sudo'? Is there a way to have the user provide a password? The issue is that I've gotten fairly embarrassed about our lack of default security. The tipping point was the analysis that security experts have provided me regarding the DDoS attack on DNS servers back in October that targeted IoT devices. The vulnerability was simply walking in the front door on many of these devices, such as doing ssh as 'root' with various default passwords and other dictionary username/password combos. Honestly, I'm not sure that they wouldn't try debian/temppwd, but at least now sudo will ask you a password. We knew this change would generate screams and you are the first one to scream. Now we have to start working on the tradeoffs to keep your stuff working and stop participating in botnets. > > -Kurt -- For more options, visit http://beagleboard.org/discuss --- You received this message because you are subscribed to the Google Groups "BeagleBoard" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/beagleboard/CA%2BT6QPmKGaL1Wu7uLHdDxrJJ9h0fRofyLXCXaeP2FN4f3GF5UA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
