Topics

How do I change the RSS User and login Password on the server.


Bill Hurlock <bill.hurlock@...>
 

Everything was working today. While I was out RSS dropped connection to me. I went to log back in and it won't except my login. When I got home I noticed that RSS server was also disconnected. I can no longer log into the RSS server. Where do I go on the PI to check the login values?

WA2TQI
Bill


Bill Hurlock <bill.hurlock@...>
 

So I went in and edited the user via phpMyAdmin on the PI and I'm able to get into RSS ok. Some how while I was out I must have entered the password in place of my User Name and the program modified the DB record with the new user name and no password. I have to tell you this has been a real challenge trying to get this program functioning. One day it is working the next day I have to fight mumble just to get ins and outs to work and today I had this very strange edit take place in the DB entry. I'm just about ready to hang this whole thing up. There is no way this should be this complicated to get and keep this program to working.  I will say when it works it is really nice but when anything stops working correctly it turns into a nightmare. I guess I jumped into this to early in development.
As a side note I'm using VPN to connect remotely and that is working great.

Bill Hurlock
WA2TQI


Howard Nurse, W6HN
 

Hi Bill,

You are right, the user name shouldn't change other than by changing it in the Account Editor.  When you looked at the Users table, how many records (lines of data) were there?  Am I interpreting correctly that what you saw was your password in the Username field?  I'd like to find out why that happened so we can prevent it in the future.

73, Howard W6HN


Bill Hurlock <bill.hurlock@...>
 

Yes my password was in the user field and the password was blank. The record didn't look corrupted other than the Name and Password having been changed but I can't tell you how many lines. This all happened while I was out using the Rigpi remotely. Very odd.
Pretty late right now but I can take a look at the record tomorrow. I had no problem editing the record and saving it back. I did have a problem with the login when I had a password in the edited record. I wasn't able to login but when I went back and edited the record and removed the password I could log in OK. I did go back in one more time and tried to put a different password in and I couldn't login until I went back and removed the password. All editing was done using phpMyAdmin on the PI.

Bill
WA2TQI


Howard Nurse, W6HN
 

Hi Bill,

Please let me know if this happens again, and any steps I can take to repeat it.  Note passwords are encrypted in the Users database so they can’t be seen or edited directly in the table.

73, Howard W6HN


Bruce Perens K6BP
 

> Note passwords are encrypted in the Users database so they can’t be seen or edited directly in the table.

It is not the case that they can't be edited. You can clear the password by editing /etc/shadow and removing the encrypted password between the two colon characters. You can also copy an encrypted password from another line, or another system entirely, and put it there. You have to be root to edit that file, but this is simple since the root password is set to a publicly known value. The RSS software also operates with root privileges, so if you penetrate that software, it can be made to change passwords.

    Thanks

    Bruce


On Sun, Jul 28, 2019, 10:05 Howard Nurse, W6HN <hlnurse@...> wrote:
Hi Bill,

Please let me know if this happens again, and any steps I can take to repeat it.  Note passwords are encrypted in the Users database so they can’t be seen or edited directly in the table.

73, Howard W6HN