Jump to content
ulisses1478

Possible ways of having unauthorized access in unraid

4 posts in this topic Last Reply

Recommended Posts

My brother picked up my unraid pendrive trying to steal my password. Have any possible way that he can get access to ssh/gui or my files in any way without my permission? if there is. How?

Share this post


Link to post

Anyone with physical access to the USB drive and the array system can get access to files that are not encrypted. They can wipe out the password fields entirely on the flash drive from a different system, insert the modified flash drive into the unraid system and turn it on. After boot up, they will have the system without passwords.

 

The way to protect against that is using drive encryption with a passphrase only you know that is not stored on anything they have physical access to.

 

However, I am unable to answer the question if your brother is smart enough to do this.

Share this post


Link to post
Posted (edited)

One way to help is to install the Fix Common Problems plugin.  That plugin have a setting for the maximum number of invalid login attempts in a day.  Then change your password to one that is at least 8 characters long and something difficult to guess since it is your brother.  You also need to physically secure your server which may be much more difficult.  Make sure that you have setup the certificate on your server so that you are using https. 

Edited by Frank1940

Share this post


Link to post
On 10/9/2019 at 10:21 AM, BRiT said:

Anyone with physical access to the USB drive and the array system can get access to files that are not encrypted. They can wipe out the password fields entirely on the flash drive from a different system, insert the modified flash drive into the unraid system and turn it on. After boot up, they will have the system without passwords.

 

The way to protect against that is using drive encryption with a passphrase only you know that is not stored on anything they have physical access to.

 

However, I am unable to answer the question if your brother is smart enough to do this.

He is smart , but I know when he unplug the flash drive out. after reseting the pass he has anyway to get access to the server?

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.