SOLVED Possible security threat? SMB user can login to root system...

i716

Cadet
Joined
Mar 11, 2020
Messages
9
Today I used Gnome (on NixOS) for the first time in quite a long time. In the file manager I was browsing the network locations under Other Locations. The TrueNAS box shows up twice, once with the wording "file sharing" and once with the wording "remote login" in brackets after the hostname. Out of curiosity, I clicked the remote login entry and entered the username/password combo of an unprivileged user, et voilà, I was inside the TrueNAS root file system. That should not happen.
Since I am not usually using Gnome, I am unable to reproduce this in other desktop environments, including KDE Plasma or Windows.
Any ideas?


anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,553
> Today I used Gnome (on NixOS) for the first time in quite a long time. In the file manager I was browsing the network locations under Other Locations. The TrueNAS box shows up twice, once with the wording "file sharing" and once with the wording "remote login" in brackets after the hostname. Out of curiosity, I clicked the remote login entry and entered the username/password combo of an unprivileged user, et voilà, I was inside the TrueNAS root file system. That should not happen.
> Since I am not usually using Gnome, I am unable to reproduce this in other desktop environments, including KDE Plasma or Windows.
> Any ideas?

You probably have password authentication enabled for SSH? In this case it's expected.
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,553
This is one of those reasons why it's generally discouraged to use password auth with SSH. If this isn't the case, please PM me a debug. In general it's best form to report security concerns through our bug tracker.
 

i716

Cadet
Joined
Mar 11, 2020
Messages
9
> You probably have password authentication enabled for SSH? In this case it's expected.

Password authentication is indeed enabled for the root user.


The user that was able to login to the root filesystem is however in the group builtin_users
Could this be the culprit?
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,553
Ah, you're possibly unfamiliar with SSH configuration details. Traditionally, root is treated as something sacred deserving additional protection. You can enable password authentication for users, but not for root. Checking both boxes enables it for everyone. Once again, generally speaking, best practice is to always use key-based authentication for SSH.
 

i716

Cadet
Joined
Mar 11, 2020
Messages
9
> Ah, you're possibly unfamiliar with SSH configuration details. Traditionally, root is treated as something sacred deserving additional protection. You can enable password authentication for users, but not for root. Checking both boxes enables it for everyone. Once again, generally speaking, best practice is to always use key-based authentication for SSH.

Thanks for the clarification.

But is this TrueNAS specific? Normally there is a DenyUsers option in the sshd_config file, and I would have expected that standard SMB users would be added there by default. Anyway, I will heed your advice and disable password authentication altogether.
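The two sshd_config settings the thread turns on (PasswordAuthentication and PermitRootLogin) can be checked with a small audit script. This is an added example, not code from the thread or from TrueNAS; the sample config files it writes are constructed to mirror the "both boxes ticked" and "password auth disabled" states described above, and it ignores Match blocks for brevity.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the two settings this thread hinges on.
# sshd honours the FIRST occurrence of a keyword (keywords are case-insensitive);
# Match blocks are not handled here.

# first_value FILE KEYWORD: print the first effective value (lower-cased), or nothing
first_value() {
    awk -v key="$2" '
        /^[[:space:]]*#/ || NF < 2 { next }
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# audit_sshd FILE: print the effective values; return 1 when root can log in
# with a password (the situation in the thread), 0 otherwise
audit_sshd() {
    pw=$(first_value "$1" PasswordAuthentication)
    root=$(first_value "$1" PermitRootLogin)
    [ -n "$pw" ] || pw=yes                        # OpenSSH default when unset
    [ -n "$root" ] || root=prohibit-password      # OpenSSH default since 7.0
    echo "$1: PasswordAuthentication=$pw PermitRootLogin=$root"
    if [ "$pw" = yes ] && [ "$root" = yes ]; then
        echo "  WEAK: root's password alone opens a shell on this host"
        return 1
    fi
    echo "  OK: no password login for root over SSH"
    return 0
}

# Constructed sample configs (not real TrueNAS files):
# both password boxes ticked vs. password authentication disabled.
TMPD=$(mktemp -d)
WEAK_CFG="$TMPD/sshd_config.weak"
SAFE_CFG="$TMPD/sshd_config.safe"
printf '%s\n' '# constructed sample: both UI boxes ticked' \
    'PermitRootLogin yes' 'PasswordAuthentication yes' \
    'PubkeyAuthentication yes' > "$WEAK_CFG"
printf '%s\n' '# constructed sample: password auth disabled' \
    'PermitRootLogin prohibit-password' 'PasswordAuthentication no' \
    'PubkeyAuthentication yes' > "$SAFE_CFG"

# Demo run; "|| :" keeps the script going under set -e when the weak file fails
for f in "$WEAK_CFG" "$SAFE_CFG"; do audit_sshd "$f" || :; done
```

On a live box the same check can be pointed at the running daemon's effective settings (`sshd -T`) instead of a file, which also resolves Match blocks.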
 

i716

Cadet
Joined
Mar 11, 2020
Messages
9
Disabling password authentication has solved the issue for me. I have marked this issue as solved in the title.
@anodos Once again thanks for your support! Much appreciated.
