[arm-allstar] Login password changed automatically
David McGough
kb4fxc at inttek.net
Sun Jan 26 10:08:04 EST 2020
Hi Darren,
I'll send you a follow-up message off-list.
73, David KB4FXC
On Sun, 26 Jan 2020 dklortie at teksavvy.com wrote:
> Hi David,
Thanks for the quick reply.
Answer to question 1 is I believe a strong password is being used (10 characters with 3 being an upper case, number and a punctuation). Passwords were changed after the problem with the first server.
2 & 3. Supermon is being used and the password for that is different than the one for ssh login.
4. Asterisk AMI interface?
As for the copy of the SD card, just let me know how to get it out to you.
Regards,
Darren
On Jan 26, 2020 8:42 AM, David McGough <kb4fxc at inttek.net> wrote:
Hi Darren,
This isn't typical behavior at all, so I'm very curious as to what's
happening. If possible, I'd like to get a copy of the SDcard to evaluate
further?
There are no known vulnerabilities in the current HamVoIP codebase (I guess
these are HamVoIP nodes?), so that leaves me with some questions:
1) Was a STRONG root password used? Was the password changed after the
first system got "hacked"??
2) Is Supermon or Allmon in use on these systems?
3) If the answer to #2 is yes: Were the same passwords used for
Supermon/Allmon as used for the root ssh login?
4) Is the Asterisk AMI interface enabled? Is it accessible from a public
IP address?
73, David KB4FXC
On Sun, 26 Jan 2020, "Darren via ARM-allstar" wrote:
> Hi all,
>
> I am wondering if anyone else has experienced this issue and have a recommendation on how to fix it.
>
> I have 5 all-star nodes set up running on 3 raspberry pi 3's. One is connected directly to a repeater as a controller, 2 are used for remote link to 2 of our repeater sites that don't have INTERNET and 2 are 440 simplex nodes for local fill in. All are linked permanently as to provide coverage for our club members.
>
> About 6 months ago I went to do an update on the pi running as a repeater controller at the one site, and tried to log in via SSH through PUTTY as I have done in the past. However, I would put in the user name of root and the password (yes changed from the default of root), and it said password invalid and prompted me for the password again.
>
> I reinstalled the image and set the pi back up from scratch and all has been good. Everything working great. Login works fine.
>
> Fast forward to present and I have had one of our club members who is hosting one of the pi's as a repeater link and simplex node at his qth. He received a message from his ISP that a computer on his network is participating in a DDOS attack to his neighbors. When I tried to log into the pi at that location to do some investigation and I got the same problem as 6 months ago, but on the second pi not the original. Try to log in and keeps asking for password. I could still log into the other 2 servers no problem.
>
> Today I tried to log into the other 2 servers and now they too keep asking me for the password over and over. I have not changed the passwords.
>
> All of the servers were using the same root password which was changed when they were set up so I know it's not that I am losing my memory and forgot the password.
>
> Has anyone seen this before and if so how was it fixed. If not, how do I keep this from happening again. It is a pain to have to keep setting the 5 nodes and 3 servers up constantly.
>
> Regards,
>
> Darren VE3REK