Hello,
I'm trying to configure Debian SID to be usable on a Mac SE/30 (16 MHz,
128 MiB memory, SCSI2SD disk). Telnet and FTP to the system initially
both timed out. I was able to set LOGIN_TIMEOUT in /etc/login.defs to
180 (the default is 60 seconds), and that allowed telnet connections to
work, but ftp connections still time out (both work fine on a Mac IIci
at 25 MHz). Of course, at only 16 MHz, SSH isn't even an option for the
SE/30 (or the IIci).
Does anyone know of a way to set the ftp login timeout? I could probably modify the ftpd source, but I would prefer to modify a configuration
file setting if possible.
If I can get ftp working, the SE/30 will be a good low-end m68k 68030
system (perhaps the lowest end?) for testing modern Linux kernels.
I use QEMU to configure filesystems for all of my m68k systems. Linux
kernels can either be cross-compiled or compiled in QEMU. While QEMU is
a great emulator, I would still like to be able to run distributions on
real hardware, whenever possible.
Other changes to the default Debian SID installation have included
replacing systemd with sysvinit (far too many timeouts with systemd).
And by configuring a static /dev, I was able to disable udevd (again,
too many timeouts). I think my next effort will be to break PAM and
revert to old-style authentication, if possible.
It's interesting that I can login almost immediately using telnet or ftp using A/UX, but telnet in Debian takes about 100 seconds (and ftp still
times out).
thanks for any suggestions
-Stan Johnson
Most of that is probably password hashing. Look in /etc/shadow and
you'll
probably find long password hashes. If you're not worried about weak
hashes, you could switch to DES which is probably what A/UX uses. See
'man
login.defs' and 'man 3 crypt'.
BTW, if your password hashes are never leaked or your actual passwords
are
guessable anyway then I don't see much benefit from SHA512.
FTR, I'm not advocating guessable passwords and weak hashes. But if
you
want to try it, I hear that 12345 is very popular:
$ perl -e 'print crypt("12345","xx")."\n"'
xxwddmriJc5TI
Most of that is probably password hashing. Look in /etc/shadow and
you'll probably find long password hashes. If you're not worried about
weak hashes, you could switch to DES which is probably what A/UX uses.
See 'man login.defs' and 'man 3 crypt'.
BTW, if your password hashes are never leaked or your actual passwords
are guessable anyway then I don't see much benefit from SHA512.
FTR, I'm not advocating guessable passwords and weak hashes. But if
you want to try it, I hear that 12345 is very popular:
$ perl -e 'print crypt("12345","xx")."\n"'
xxwddmriJc5TI
I've always supported security protocols that match the associated risk.
For systems that are not exposed to the public Internet and that require clear-text protocols, anyway, such as telnet and ftp, for reasonable
access, there is nothing wrong with minimal password hashes (though I
agree "12345" is still a bad idea!).
Sysop: | Keyop |
---|---|
Location: | Huddersfield, West Yorkshire, UK |
Users: | 293 |
Nodes: | 16 (2 / 14) |
Uptime: | 238:46:54 |
Calls: | 6,624 |
Files: | 12,172 |
Messages: | 5,319,942 |