HowTo: using su instead of devel-su
asked 2014-02-26 09:51:45 +0200
This post is a wiki. Anyone with karma >75 is welcome to improve it.
Prerequisites
- Developer mode should be enabled
Instructions
Actually, su is already installed on Sailfish if developer mode is activated. But the password for root is not set by default so you can't use su out-of-the-box.
The steps to enable it are simple:
- Go to Settings->System->Developer mode.
- Enable Remote connection and set some password for it (it is actually a password for nemo user and will be used for
devel-supassword prompt). - Go to Terminal and type:
devel-su
password from step 2
passwd - You will be asked to enter new password for root user two times (it has nothing to do with the password that you have set up in step 2 - choose whatever you like, but choose a really strong one!).
- The password for root is now set - don't forget it! You can now use
suinstead ofdevel-suto become root user.
Warning
After the root user is activated, Remote connection setting becomes obsolete. You don't need to turn it on and set password for root access to use su. And you can always connect to Sailfish via SSH as root user (of course it will still ask you for a root password) even when Remote connection is turned off.
Because you cannot disable "Remote access" before connecting to networks you cannot trust (e.g. public WiFi networks, mobile providers that do not allocate private IP 4 addresses and block inter-user IP communication – assume, they do not, as long as you do not know they do), strangers could try to enter your phone via ssh and try passwords using an automated procedure until they have been successfully entering your phone.
It seems, so far there is no intrusion detection and prevention mechanism implemented in Sailfish. Think twice, whether you really want to open up ssh access to the handset in general.
PS: Thank you for this HowTo.
jgr ( 2014-02-27 00:24:47 +0200 )editThe phone does have iptables (a firewall, for those not familiar with it) that you could configure to only allow incoming SSH connections from a specific IP address, or to only allow a couple of login attempts per IP over a set time period e.g. maximum 3 login attempts per hour per IP.
Regardless, I would advise caution as well. It is generally thought of as a very bad idea to allow the root user to directly SSH in - it's much better to only allow normal users remote SSH access and then su to become root once inside.
typo ( 2014-02-27 00:44:10 +0200 )editOut of curiosity: why su? What's wrong with devel-su?
typo ( 2014-02-27 00:47:20 +0200 )editLess characters to type ;)
J4ZZ ( 2014-02-27 02:23:37 +0200 )edityou can create alias for devel-su ;)
barral ( 2014-02-27 10:47:08 +0200 )edit