Computing Facilities    links to the SCS and CMU home pages Carnegie Mellon School of Computer Science Carnegie Mellon University
 
Advanced search tips 
 
 » Introduction to Facilities 
 » Accounts & passwords 
 » AFS 
 » Application software 
 » AV help 
 » Backups & restores 
 » Calendaring 
 » E-mail 
 » Networking 
 » Printing 
 » Purchasing 
 » Resource management 
 » Security 
 » Software licensing 
 » Support charges 
 » Web publishing 
 » Mac support 
 » Linux support 
 » Windows PC support 

SSH Configuration Change

On Monday, May 20, 2013, SCS Computing Facilities will make a change to the configuration of the Secure Shell (SSH) service on Fedora and Solaris systems running the standard SCS computing environment. As a result of this change, these systems will no longer permit remote logins as root using a password. SCS Computing Facilities is making this change to enhance security of these systems by reducing the effectiveness of password-guessing attacks.

This change does not affect root logins using Kerberos or SSH public keys, SSH logins as users other than root, or local logins of any kind. It also does not affect SCS Dragon Ubuntu systems, which already use this new policy.

Unless you are currently using SSH with a password to access the root account on a Fedora or Solaris system, there is nothing you need to do to prepare for this change.

For those who are currently using SSH with a password to access the root account on a Fedora or Solaris system, SCS Computing Facilities recommends the following alternatives:

* Use Kerberos authentication, using a root instance as described in

http://www.cs.cmu.edu/afs/cs.cmu.edu/help/www/unix_linux/ladmin.html#Root

* Use SSH public key authentication

* Log in using an ordinary (non-root) user account and use su to become root

Please contact the SCS Help Desk at x8-4231 or send mail to help@cs.cmu.edu if you have any questions regarding this change.

Thank you for your attention,

SCS Help Desk