Results 1 to 6 of 6

Thread: CRITICAL! Root Password Issues

  1. #1

    Default CRITICAL! Root Password Issues

    Ok, I am quite alarmed at this:

    I have a VPS (and an admin can look up and see how it was provisioned, it is the newest one of mine), and I was entering the root password using SSH and left a letter off of the end. I was like... oh I'll have to retype the password. Nope, it let me in. So I was curious. I left off 2, then 3, then 4, 5, 6, 7, 8, 9, and finally 10 characters off of my password, and it still worked. Amazing!

    My password is 18 characters long, I only had to use the first 8 of them to log in. I think that's a bit insecure!

  2. #2
    Join Date
    Mar 2008
    Posts
    142

    Default

    ~# passwd
    THE PASSWORD YOU WANT
    THE PASSWORD YOU WANT
    ~# echo done!

  3. #3
    Join Date
    Dec 2007
    Posts
    1,141

    Default

    Please see the Password Changes from My.VPSLink.com Use 8 Character Password Length document added to the VPSLink Wiki for instructions to switch from DES-based password hashing to MD5 hashing.

  4. #4
    Join Date
    Jul 2007
    Location
    127.0.0.1
    Posts
    392

    Default

    You might also want to setup pub/priv rsa key-pairs for authentication. This way you need a certificate and a password to auth :]

    Be careful though, you could lock yourself out of your VPS. make sure you backup your keys to a usb-stick or something. My watch has 2gb usb built in, so I can get to my server from almost anywhere if necessary.

    -Guy

  5. #5
    Join Date
    Dec 2007
    Posts
    1,141

    Default

    Quote Originally Posted by GuyPatterson View Post
    My watch has 2gb usb built in, so I can get to my server from almost anywhere if necessary.
    A watch with a hidden 2 GB USB stick?

    Quote Originally Posted by GuyPatterson
    "The name is Patterson, Guy Patterson."

  6. #6
    Join Date
    Jul 2007
    Location
    127.0.0.1
    Posts
    392

    Default

    Quote Originally Posted by DanL@VPSLink View Post
    A watch with a hidden 2 GB USB stick?
    HAHAHA yep

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •