neutron68
Posted: Sat May 12, 2007 7:15 pm
Joined: Tue Mar 28, 2006 8:26 pm
Posts: 804
Location: Minneapolis, MN
I understand the reasons that users root and mythtv were disabled in ssh in version R5F1.
I use WinSCP as a GUI file browser for the Knoppmyth box, so I would like to be able to log in with root privileges using WinSCP.
Can I create a user and give that user root privileges, so I can work around the ssh blockage of the root account?
Hopeful,
Eric
_________________ KnoppMyth R5.5, Asus A8N-VM CSM (nvidia 6150 onboard video), AMD Athlon 64 dual-core 4200+, two 1GB sticks DDR 400, HD-3000 HDTV card, PVR-150 card, Iguanaworks RS-232 IR receiver/transmitter, Pioneer DVR-110 DVD burner
Last edited by neutron68 on Sun Aug 26, 2007 11:49 am, edited 1 time in total.

slowtolearn
Posted: Sat May 12, 2007 7:26 pm
Joined: Wed Nov 16, 2005 8:55 pm
Posts: 1381
Location: Farmington, MI USA
neutron68 wrote:
I understand the reasons that users root and mythtv were disabled in ssh in version R5F1.
I use WinSCP as a GUI file browser for the Knoppmyth box, so I would like to be able to log in with root privileges using WinSCP.
Can I create a user and give that user root privileges, so I can work around the ssh blockage of the root account?
Hopeful,
Eric

I haven't had a chance to install R5F1, but you should be able to log in via SSH as a normal user and su to root. If that isn't to your liking, take a look through /etc/ssh/sshd_config (assuming R5F1 still uses OpenSSH, and the config file is still in the same location) for more options.
If your question was how to add a user, check the man pages for useradd.

Too Many Secrets
Posted: Sat May 12, 2007 7:28 pm
Joined: Fri Oct 20, 2006 12:04 pm
Posts: 905
Location: LA, CA
slowtolearn wrote:
neutron68 wrote:
I understand the reasons that users root and mythtv were disabled in ssh in version R5F1.
I use WinSCP as a GUI file browser for the Knoppmyth box, so I would like to be able to log in with root privileges using WinSCP.
Can I create a user and give that user root privileges, so I can work around the ssh blockage of the root account?
Hopeful,
Eric
I haven't had a chance to install R5F1, but you should be able to log in via SSH as a normal user and su to root.

This worked for me.

spalVl
Posted: Sat May 12, 2007 7:36 pm
Joined: Mon Aug 29, 2005 4:04 pm
Posts: 729
Location: Philadelphia, PA US
But neutron68 is saying he uses WinSCP, not SSH.
From the WinSCP page
http://winscp.net/eng/docs/faq_su
But you have to change your /etc/sudoers around to allow your install account to su without password
or edit /etc/ssh/sshd_config to allow root like mentioned above.

neutron68
Posted: Sat May 12, 2007 7:44 pm
Joined: Tue Mar 28, 2006 8:26 pm
Posts: 804
Location: Minneapolis, MN
I am able to ssh into the machine with a user account and then issue the 'su' command and login as root. That works ok in ssh, but I can't do that in WinSCP. When you log into WinSCP, you can only use that particular account, as far as I can tell.
slowtolearn wrote:
If your question was how to add a user, check the man pages for useradd.

Well, not entirely. I was asking if it is possible to give another user account the root privileges.
I am considering the following 2 workarounds:
1. edit the /etc/ssh/sshd_config to allow root to use ssh again or
2. create another account (call it 'god') and give 'god' root privileges. With option 2, I can leave the root account banned from ssh and still have an account with a different name that also has root privileges.
Eric
_________________ KnoppMyth R5.5, Asus A8N-VM CSM (nvidia 6150 onboard video), AMD Athlon 64 dual-core 4200+, two 1GB sticks DDR 400, HD-3000 HDTV card, PVR-150 card, Iguanaworks RS-232 IR receiver/transmitter, Pioneer DVR-110 DVD burner
Last edited by neutron68 on Sat May 12, 2007 7:55 pm, edited 1 time in total.

slowtolearn
Posted: Sat May 12, 2007 7:45 pm
Joined: Wed Nov 16, 2005 8:55 pm
Posts: 1381
Location: Farmington, MI USA
spalVl wrote:
But neutron68 is saying he uses WinSCP, not SSH.

Absolutely right spa|V|, my bad. I saw "were disabled in ssh" and missed or overlooked the WinSCP reference.
Careful with changing the PermitRootLogin directive though, especially if the box is exposed to the 'net (which I assume it is). Best to allow the sudo method...
EDIT: Although the sudo method doesn't seem to be very secure either! /EDIT

slowtolearn
Posted: Sat May 12, 2007 7:56 pm
Joined: Wed Nov 16, 2005 8:55 pm
Posts: 1381
Location: Farmington, MI USA
neutron68 wrote:
slowtolearn wrote:
If your question was how to add a user, check the man pages for useradd.
Well, not entirely. I was asking if it is possible to give another user account the root privileges.
I am considering the following 2 workarounds:
1. edit the /etc/ssh/sshd_config to allow root to use ssh again or

Are your KM boxen behind a firewall?

neutron68 wrote:
2. create another account (call it 'god') and give 'god' root privileges. With option 2, I can leave the root account banned from ssh and still have an account with a different name that also has root privileges.
Eric

I can't see another option, given the FAQ spa|V| pointed to. Given this, I would use option 2, but make it an odd username and strong password. If you have the know-how you could allow root from within your LAN only with iptables/ipchains and go with option 1.
Is there a reason you're using WinSCP? Is there a more secure way to do what you need?

neutron68
Posted: Sat May 12, 2007 8:10 pm
Joined: Tue Mar 28, 2006 8:26 pm
Posts: 804
Location: Minneapolis, MN
slowtolearn wrote:
Are your KM boxen behind a firewall?

Yes they are.

slowtolearn wrote:
I can't see another option, given the FAQ spa|V| pointed to. Given this, I would use option 2, but make it an odd username and strong password.
Is there a reason you're using WinSCP? Is there a more secure way to do what you need?

I use WinSCP like a graphic file browser. I really hate the command line interface when I'm searching various directories for a particular file or just taking inventory of what files are inside a particular directory. The command line just slows me down and gives me carpal tunnel syndrome.
I also like to see all the filenames inside the window. So, WinSCP is a pretty quick and easy way to poke around many directories and see what files are located where.
I kinda like the compromise aspect of option 2. Now, I just need to learn how to give root privileges to a regular user account with an odd username.
Eric
_________________ KnoppMyth R5.5, Asus A8N-VM CSM (nvidia 6150 onboard video), AMD Athlon 64 dual-core 4200+, two 1GB sticks DDR 400, HD-3000 HDTV card, PVR-150 card, Iguanaworks RS-232 IR receiver/transmitter, Pioneer DVR-110 DVD burner

tjc
Posted: Sat May 12, 2007 9:49 pm
Joined: Thu Mar 25, 2004 11:00 am
Posts: 9551
Location: Arlington, MA
You can open access with a limited IP range... See man sshd for the details.

crushinator
Posted: Sun May 13, 2007 4:56 am
Joined: Sun Jan 22, 2006 12:37 am
Posts: 30
Location: Cleveland, OH
neutron68 wrote: I use WinSCP like a graphic file browser.
You could use a combination of putty, Xming, and a Linux graphical file manager (Konqueror?) to run a Linux file manager on your Windows computer in a client/server style.
Sometimes I'll do this with Mythfrontend when I want to be simultaneously watching a program on the TV while messing around with another frontend on the Windows laptop.
This seems like more work than your option #2, though.

rsay
Posted: Sun May 13, 2007 8:11 am
Joined: Fri Nov 04, 2005 7:11 am
Posts: 61
I may not understand the security implications of this fully but...
I don't see much difference between allowing root login from the internet and allowing a user to log in with root privileges from the internet. Either way, root or god can delete every file on your drive. The point of not allowing root access from the internet as far as I know is:
The hacker has to figure out a valid username and user password to get in and then figure out the root password, which adds an extra layer of security. In other words allowing root login from the internet gives your intruder a valid username and makes the intruder break only 1 password instead of 2.
Using your firewall to restrict which IP addresses can access your SSH port from the net and using a secure password that you don't use elsewhere would provide you greater security than preventing root login from your office computer imho. Also, investigating other tools for remote access to your computer would be time well spent. Lastly, remember that you can use all of your local graphical tools with ssh -X if you don't like the command line.
_________________ BE: R8.4, HVR2250, MCE media center remote, GigaByte GA-EP43-UD3L, 2gb ram
FE: Linhes 8.4, Mythbuntu, Linux Mint DE

umea
Posted: Tue May 15, 2007 3:09 pm
Joined: Thu Feb 02, 2006 8:09 am
Posts: 13
I often edit files with WinSCP.
Maybe it's wrong, but it seems to work.
So how do I do this change so I can log in as root from WinSCP with Putty?
I need to log in as root with WinSCP to be able to change files.
I hope you understand my problem, I'm a sort of newbie.


Dale
Posted: Tue May 15, 2007 5:05 pm
Site Admin
Joined: Fri Oct 31, 2003 11:40 pm
Posts: 357
Location: Irvine, Ca
rsay wrote: I may not understand the security implications of this fully but...
I don't see much difference between allowing root login from the internet and allowing a user to log in with root privileges from the internet. <snip>
I am sorry, rsay that you don't understand the difference. There is a considerable difference between allowing a normal user to login (has to know his password) and then to su to root (knowing that password, also) than permitting _any_ login to root directly.
Dale

slowtolearn
Posted: Tue May 15, 2007 5:52 pm
Joined: Wed Nov 16, 2005 8:55 pm
Posts: 1381
Location: Farmington, MI USA
umea wrote:
I often edit files with WinSCP. Maybe it's wrong, but it seems to work. So how do I do this change so I can log in as root from WinSCP with Putty? I need to log in as root with WinSCP to be able to change files. I hope you understand my problem, I'm a sort of newbie.

As it is a matter of security, I wouldn't recommend this to a newbie. man sshd_config will give you the information you need, but be sure you understand the security implications. Recommended reading: http://www.puschitz.com/SecuringLinux.shtml (RedHat-based, but good general information. Pay particular attention to the SSH related and "Restricting System Access...")
As for editing files, nano or pico are fairly user-friendly

md10md
Posted: Tue May 15, 2007 7:42 pm
Joined: Sat Jun 25, 2005 7:39 pm
Posts: 162
If you're worried about leaving root open, just use private key encryption for the ssh connection which WinSCP supports. I've used this since R5D1 and it's worked great.
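
A check for the two choices weighed in this thread, re-enabling root in /etc/ssh/sshd_config versus key-only root login, added here as an example and not part of any post: it reads a config file and reports how root may log in over SSH. The sample files, function names and result words are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report how an sshd_config treats root logins.
# sshd keeps the FIRST value it reads for a keyword, and keywords are case-insensitive.
# Limits: only the global section is read; Match blocks and Include files are not followed.

# first_value FILE KEYWORD -> first global value, lowercased; empty if the keyword is unset
first_value() {
    awk -v key="$2" '
        { sub(/#.*/, "") }                          # drop comments
        tolower($1) == "match"      { exit }        # stop at the first Match block
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# root_login_policy FILE -> one word summarising root's SSH access
root_login_policy() {
    prl=$(first_value "$1" PermitRootLogin)
    pw=$(first_value "$1" PasswordAuthentication)
    case "$prl" in
        no)                                 echo denied ;;
        forced-commands-only)               echo key-forced-command ;;
        # without-password is the older spelling of prohibit-password
        without-password|prohibit-password) echo key-only ;;
        yes)  # PasswordAuthentication defaults to yes when it is not set
              if [ "$pw" = no ]; then echo yes-no-password-auth
              else echo password-allowed; fi ;;
        "")                                 echo unset-version-default ;;
        *)                                  echo unrecognised ;;
    esac
}

# Constructed sample files, not taken from any KnoppMyth release.
samples=$(mktemp -d)
cat > "$samples/option1.conf" <<'EOF'
Port 22
PermitRootLogin yes
# appended later by someone trying to lock root out again; it has no effect
permitrootlogin no
EOF
cat > "$samples/keyonly.conf" <<'EOF'
#PermitRootLogin yes
PermitRootLogin without-password
PasswordAuthentication yes
EOF

for f in "$samples"/*.conf; do
    printf '%s: %s\n' "${f##*/}" "$(root_login_policy "$f")"
done
```

On a live box, `sshd -T` run as root prints the effective configuration with defaults filled in, which also covers the unset case this parser cannot decide.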