How are passwords encoded in DirectAdmin configs?

zEitEr (Super Moderator; joined Apr 11, 2005; 15,415 messages; location: www.poralix.com)
Hello,

I'm not sure if it's a good idea to discuss this in public, so if needed we can discuss the issue privately.

How well are the passwords in /usr/local/directadmin/data/admin/cluster.conf encrypted?
Is it possible to decrypt them somehow? Or does DirectAdmin have a built-in secret key?
 
Base64, so yes, they can be decrypted.
Only diradmin and root can read it, but it goes without saying: keep it safe.
If an attacker gets root access, then there are bigger issues.

In any case, one way of minimizing the risk here would be to create a 2nd admin (e.g. admin2) and use commands.allow:
http://www.directadmin.com/features.php?id=1171
CMD_API_DNS_ADMIN
CMD_API_LOGIN_TEST
CMD_API_ADMIN
CMD_API_USER_EXISTS


The all_pre.sh can also do it with more control:
http://help.directadmin.com/item.php?id=150


We can look at other options, if needed, eg:
- encryption secret key, stored in the license.key.
- or perhaps a "remote key" system, similar to .ssh, where the remote DA box is given a hash, and that hash is only allowed to run "X". Similar to using "admin2", except you could still use "admin", but the hash is only allowed for a small set of specified commands.

John
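As an added example (not John's or DirectAdmin's code), here is a small audit that flags the two points John's answer hinges on: credential values stored as reversible base64 rather than a hash, and a config file readable by anyone other than its owner. The key=value layout, the field names and the sample content are assumptions; the thread does not show cluster.conf's actual format.

```python
import base64
import os
import stat

# Constructed sample in an assumed key=value layout; the real cluster.conf
# format is not shown in the thread, so this is only for illustration.
SAMPLE_CONF = """\
host=backup.example.invalid
user=admin2
passwd=c3VwZXJzZWNyZXQ=
"""

# Field names assumed to hold credentials (an assumption, not DA's schema).
SECRET_KEYS = ("passwd", "password", "pass")


def is_reversible_base64(value: str) -> bool:
    """True if value is strict base64 that decodes to printable text,
    i.e. an encoding anyone who can read the file can reverse."""
    try:
        raw = base64.b64decode(value, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        return False
    return len(text) > 0 and text.isprintable()


def audit_config(text: str, mode: int) -> list[str]:
    """Return findings for a config body and its permission bits."""
    findings = []
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("file is readable by group or others; expected 0600")
    for line in text.splitlines():
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.lower() in SECRET_KEYS and is_reversible_base64(value):
            findings.append(f"{key} is stored base64-encoded, not hashed or encrypted")
    return findings


def audit_file(path: str) -> list[str]:
    """Audit a real file on disk (run as a user allowed to read it)."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    with open(path) as fh:
        return audit_config(fh.read(), mode)
```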
 
Hello John,

Thanks for your reply. The same base64 is used for storing passwords for the remote FTP backup task, isn't it?
 