[arm-allstar] Login password changed automatically

David McGough kb4fxc at inttek.net
Sun Jan 26 08:42:22 EST 2020


Hi Darren,

This isn't typical behavior at all, so I'm very curious as to what's 
happening.  If possible, I'd like to get a copy of the SD card to evaluate 
further.

There are no known vulnerabilities in the current HamVoIP codebase (I guess 
these are HamVoIP nodes?), so that leaves me with some questions:

1) Was a STRONG root password used? Was the password changed after the 
first system got "hacked"??

2) Is Supermon or Allmon in use on these systems?

3) If the answer to #2 is yes: Were the same passwords used for 
Supermon/Allmon as used for the root ssh login?

4) Is the Asterisk AMI interface enabled? Is it accessible from a public 
IP address?


73, David KB4FXC


On Sun, 26 Jan 2020, "Darren via ARM-allstar" wrote:

> Hi all,
> 
> I am wondering if anyone else has experienced this issue and has a
> recommendation on how to fix it.
> 
> 
> I have 5 AllStar nodes set up running on 3 Raspberry Pi 3s.  One is
> connected directly to a repeater as a controller, 2 are used for remote
> link to 2 of our repeater sites that don't have Internet, and 2 are 440
> simplex nodes for local fill-in.  All are linked permanently so as to
> provide coverage for our club members.
> 
> 
> About 6 months ago I went to do an update on the Pi running as a
> repeater controller at the one site, and tried to log in via SSH through
> PuTTY as I have done in the past.  However, I would put in the user name
> of root and the password (yes, changed from the default of root), and it
> said password invalid and prompted me for the password again.
> 
> 
> I reinstalled the image and set the Pi back up from scratch and all has
> been good.  Everything working great. Login works fine.
> 
> 
> Fast forward to the present and I have one of our club members who is
> hosting one of the Pis as a repeater link and simplex node at his QTH.
> He received a message from his ISP that a computer on his network is
> participating in a DDoS attack to his neighbors.  When I tried to log
> into the Pi at that location to do some investigation, I got the same
> problem as 6 months ago, but on the second Pi, not the original.  Try to
> log in and it keeps asking for the password.  I could still log into the
> other 2 servers no problem.
> 
> 
> Today I tried to log into the other 2 servers and now they too keep
> asking me for the password over and over.  I have not changed the passwords.
> 
> 
> All of the servers were using the same root password, which was changed
> when they were set up, so I know it's not that I am losing my memory and
> forgot the password.
> 
> 
> Has anyone seen this before, and if so, how was it fixed?  If not, how do
> I keep this from happening again?  It is a pain to have to keep setting
> the 5 nodes and 3 servers up constantly.
> 
> 
> Regards,
> 
> Darren VE3REK
> 
> 