NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

redstamp's avatar
redstamp
Apprentice
Mar 19, 2018
Solved

SSH enabled for user (but not for root)

I want to enable SSH to use SFTP (with FreeFileSync) to automate synchronisation between two NAS' in separate geolocations (i can post instructions if anyone interested)

 

I have read about how to use public / private key encryption (rather than SSH via password) and just wanted to check a point on security.

 

If I create a specific user account and only enable SSH shell access via this user, I presume 'root' is not automatically enabled.  This would only be the case if I enabled SSH for the admin user - is this correct?  Or does enabling SSH for ANY user enable root access?

Thanks.


  • redstamp wrote:

     

    "The root password for SSH is the same as the admin user. Change from the default for security purposes. Not changing the default password and enabling SSH leaves you vulnerable to attack."

     

     I still dont get what that last precautionary bullet is trying to warn against though.

     

     


    It's saying two things.  First, that if you want to access the linux shell via ssh you should use "root" as the username instead of "admin" - using the NAS admin password.

     

    Second (the warning bit), that it is a really bad idea to leave that NAS admin password set to the default value of password.  Even if you don't enable ssh you shouldn't use the default password.

7 Replies

Replies have been turned off for this discussion
    • JohnCM_S's avatar
      JohnCM_S
      NETGEAR Employee Retired

      Hi redstamp,

       

      The root access is disabled by default when you create a local user. The user will only have root access when you enable the 'Allow shell access' for that user.

       

      Regards,

      JohnCM_S
      NETGEAR Community Team

       

       

      • JohnCM_S's avatar
        JohnCM_S
        NETGEAR Employee Retired

        Hi redstamp,

         

        We’d greatly appreciate hearing your feedback letting us know if the information we provided has helped resolve your issue or if you need further assistance.

         

        If your issue is now resolved, we encourage you to mark the appropriate reply as the “Accept as Solution” or post what resolved it and mark it as solution so others can be confident in benefiting from the solution. 
         
        The Netgear community looks forward to hearing from you and being a helpful resource in the future!
         
        Regards,

        JohnCM_S
        NETGEAR Community Team

NETGEAR Academy

Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology! 

Join Us!

ProSupport for Business

Comprehensive support plans for maximum network uptime and business peace of mind.

 

Learn More