John john at
Fri Feb 12 14:05:28 UTC 2010

On Fri, Feb 12, 2010 at 10:29:20AM +0100, Julien Gormotte wrote:
> On 12/02/2010 02:24, Olivier Nicole wrote:
> >>>> If you have physical access to the server, just reboot it in single
> >>>> user mode, and change the password. You might need to forcibly power
> >>>> it off. It is all covered in the handbook. If you don't have physical
> >>>> access, I think you may be out of luck...
> >>>>
> >>> May be out of luck? I would hope he is totally out of luck without
> >>> physical access, if
> >>> you get my drift!
> >>>
> >>> Hope you do have physical access Eric....
> >>>
> >>>        
> >> May not be out of luck depending on if the machine has had the last couple
> >> of years worth of updates. I'm guessing not if nobody has the root password
> >> and the person who had set it up in the first place has been MIA for who
> >> knows how long.
> >>      
> > I was thinking along the same lines, but at the same time Eric didn't know
> > about booting to single user, so would he be able to remotely hack
> > into his own system?
> >
> > Olivier
> If this is a dedicated server (or a VPS, or RPS, or any type of server 
> hosted by a server provider), you may have a rescue system, so you can 
> boot it and chroot yourself to access the system. Or, in some cases, you 
> can have a KVM-over-IP access, so you can boot into single user mode.

People, people - be careful that we are not creating a formula to
break into FreeBSD servers around the world...

The only acceptable solution is for someone in Eric's organization
to secure physical access to the server.  It may be in a co-lo
situation, but if that's true, they must have a contract open and,
if nothing else, they terminate the contract and get the machine
back, though more likely, the contract allows them supervised
access.  Machines are not perfect - even without losing the root
password, they break and need maintenance - this is a MAINTENANCE
event and should be treated as such, just like a hard drive failure
or a NIC failure.

Creating a scheme for someone to break into FreeBSD systems remotely
or to publicize schemes people have created to remotely manage their
systems in ways that could be used to compromise them is foolishness!

Regardless of the purity of his intention, Eric is asking us to
tell him how to break into our homes or steal our cars. ;)

John Lind
john at starfire.MN.ORG
