If you get a root shell once, why not change the root password then?

▲ codejake 3 hours ago | parent [-]

Great, obvious question!

The answer I got: "we can't. We'll lose access to the database". I did not ask for elaboration, but it is not routable to/from the Internet.

▲ adrianmonk 2 hours ago | parent | next [-]

You can just add a second line to /etc/passwd with a different username but the same numerical uid. Like this:

    altroot:x:0:0:Alternative Root User:/:/bin/sh

Then, of course, run (as root) "passwd altroot" to set a password.

We used to do this all the time for users who needed root access to their own workstation. It allowed us to avoid telling them the common root password used on all the machines in the organization.

In your case, doing this might be beneficial in case there is a network problem because you'll have a way to log in as root locally.

▲

bink an hour ago | parent [-]

Back in the day we would've just added our IP to the .rhosts file and no password would be required at all!

It does have me thinking about what versions of SSH would run on such an old OS. I'm sure there were versions available at one time... and since it's vulnerable to remote exploit anyways the version wouldn't really matter.

	▲	shrubble a minute ago \| parent [-]
		SSH v1 protocol would work; but it’s still considered insecure by SSH clients of the last two decades :-)

▲ orthogonal_cube 2 hours ago | parent | prev [-]

Seems as though the process of changing the password on their end may not be as straightforward. Or they’re just worried that misconfiguring it may prevent them from getting connected again.

In any case, as long as it’s not directly routable to the internet and there’s a plan to phase it out, probably nothing to get worked up about.

I hope the sound of the drive isn’t particularly bothersome. It’s rather impressive to still be working.