F14 AMI passwords

Pete Zaitcev zaitcev at redhat.com
Fri Nov 19 05:19:51 UTC 2010


Looking at the /etc/shadow in our official AMI ami-6e3a6a2b, I observed
that root and ec2-user have passwords. Why are they left in? I suppose
they do not hurt much, since sshd_config sets PasswordAuthentication
and PermitRootLogin to no. Still, I'm just curious what they are.

Even better, let's think in reverse: if the creator accidentally
used a real root password, can I crack any interesting servers by
cracking the root password and then applying it to bits of Fedora
infrastructure (I know it's not 3-DES anymore, but still)?

-- Pete
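
The two things the post looks at, the password fields in /etc/shadow and the sshd_config settings, can be checked on an image before it is published. This is an added example, not part of the original message; the function names and the sample file contents are constructed for illustration, and Match blocks in sshd_config are not evaluated.

```python
# Added example (not from the original post); all sample data is constructed.
KEYS = ("passwordauthentication", "permitrootlogin")

def usable_passwords(shadow_text):
    """Return {account: scheme} for accounts whose password field can authenticate."""
    found = {}
    for line in shadow_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 2:
            continue
        name, pw = fields[0], fields[1]
        if pw == "":
            found[name] = "EMPTY (no password required)"
        elif pw[0] in "!*":
            continue  # locked or never set: nothing hashes to this value
        elif pw.startswith("$"):
            found[name] = "crypt scheme $" + pw.split("$")[1] + "$"
        else:
            found[name] = "traditional DES crypt"
    return found

def sshd_settings(config_text):
    """Return the global value of each keyword in KEYS; sshd keeps the first value it reads."""
    seen = {}
    for line in config_text.splitlines():
        parts = line.split("#", 1)[0].split()
        key = parts[0].lower() if parts else ""
        if key == "match":
            break  # conditional blocks are not evaluated here
        if key in KEYS and key not in seen and len(parts) > 1:
            seen[key] = parts[1].lower()
    return seen

def audit(shadow_text, config_text):
    findings = [f"{user}: usable password hash ({scheme})"
                for user, scheme in usable_passwords(shadow_text).items()]
    cfg = sshd_settings(config_text)
    for key in KEYS:
        if cfg.get(key) != "no":
            findings.append(f"sshd {key} is {cfg.get(key, 'unset')}, not 'no'")
    return findings

SAMPLE_SHADOW = """\
root:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH1:14932:0:99999:7:::
sshd:!!:14932::::::
ec2-user:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH2:14932:0:99999:7:::
"""
SAMPLE_SSHD = "PasswordAuthentication no\nPermitRootLogin no\n"

print("\n".join(audit(SAMPLE_SHADOW, SAMPLE_SSHD)))
```

On the constructed sample, both accounts are reported even though the sshd settings pass, which is the situation the post describes.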


