I have installed SUSE 9.0 several time because what is happenening is on the install I setup my root password in MD5 encrytion format (It give me three options, Default, MD5, and Blowfish). If I use default is says that the password that I am using is to short so that is why I use MD5. I have not tried Blowfish.After everything is setup usually will ssh into my box from work and change the password to something more secure. What is happening is when I ssh in to my box and change my password it works for a while and then after several attemps I cannot get back into as root. Is there something that I have to modify so that this doesnt happen. the command that I use when is passwd root: and then I change my password. Could it possible be that by using this command it changes the encrytion that I was using MD5 to something different and that would be the reason my password never work. This is driving me crazy.

Hmm sounds very strange. Note the password hash that's in the /etc/shadow file when its working and see if that's changed when its not working. Also check your /etc/ssh/sshd_config to see if root login is allowed, although usually its either allowed or its not - not allowed for a while then revoked.

I changed from the default that is DES or something like that to Blowfish and never had any complaints from the users and when I look at the file I see Blowfish encrypted password mixed with the default ones. This in a Suse 9.1 box

SO far after reinstall SUSE 9.0 again, I havnt run into a problems but I am a little nervous about changing the password again for what had happened to me earlier. If this does happen again, is there a backdoor that I could use to get in and change my password again?

Boot into rescue mode from the Suse install CD/DVD or boot any Linux Livecd, mount your partition(s) and edit the /etc/shadow file.

when you say edit your etc/shadow file, I see that mu old passoword is encrypted so what would I do remove the old stuff and put in a new password?

Yes. Copy the password hash from somewhere else, ie. an account that works perhaps on another box.

just one more question. Can a cracker do the same thing if he wanted to.

ex.

a cracker copies his hash password from his machine on to a floppy and then finds your machine and then boots with a cdrom or a disk and just copy his hash password into your etc/shadow file and then viola there in as root and the hell begins.

Yes of course.

Anybody who has physical access to the inside of your computer (no matter what type of computer it is) can bypass operating system security. Even if you set a BIOS password and disabled booting from CDROM or Floppy the cracker could just open your box and either reset the BIOS by removing its battery or simply remove your hard drive and plug it into his own computer. Its the same with Windows too BTW - there are plenty of Windows password recovery livecds or programs available for free a short google away.

The only way to get around this is to encrypt your data, or even your entire hard drive if you really don't have any physical security for your computer (eg. your travel laptop).

But the easiest solution is to not let malicious crackers carying screwdrivers walk into your home or place of business!

many thanks TKEDWARDS. you are contributing to a great cause.

and to every else who responded to this post.