|
I have a beaglebone black and I used scp to transfer a file from my desktop to the beaglebone today. The beaglebone came from adafruit with debian pre-installed. I sent it as root user, like: scp ./foo root@192.168.1.72:/home/debian/ I meant to do it as the default debian user, but wasn't thinking. So anyways when I ran this command it didn't ask me for a password and just wrote the file as root for me. WTF? e: i know there's some way to set up SSH keys or something so that you don't get prompted for pw, but I always forget how this works, and I'm pretty sure I never set this device up for that, sooo... peepsalot fucked around with this message at 03:49 on Dec 20, 2016 |
# ¿ Dec 20, 2016 03:42 |
|
|
# ¿ May 16, 2024 13:01 |
|
Storysmith posted:Try running (as root) code:
Storysmith posted:Adding more levels of -v flags to get more debug output will shine some light as to how auth (if any) is happening. code:
|
# ¿ Dec 21, 2016 18:22 |
|
Storysmith posted:Well there's your answer. Apparently out of the box, it doesn't require auth for root access for some reason. I'll need to see if I still have my BBB to play with, but that's hilarious. First I found that root password is blank ( /etc/shadow shows root:: ) Is this typical for debian based systems that use sudo to escalate privileges anyways? But when you combine that empty password with these settings in /etc/ssh/sshd_config PermitRootLogin yes and PermitEmptyPasswords yes Then it just lets you ssh with no password. I found that changing just the PermitEmptyPasswords option to no is enough to stop this behavior. I guess I'm just curious if this sort of blank root password setup could cause other security issues outside of ssh/scp. And just still generally confused about how this whole sudo situation with no actual root password is *supposed* to work in a secure manner. peepsalot fucked around with this message at 02:31 on Dec 22, 2016 |
# ¿ Dec 22, 2016 02:28 |