Admins figuring out my RCON password

404UserNotFound · **Author**

Had this problem for a while until I put my RCON password into the command line (in my "start.sh" file).

Just wondering if anyone knows how admins are able to find out the RCON password? Is it from using the "Exec cfg" option in the admin menu to execute the "server.cfg" file?

Dravu · 10-29-2013 , 23:03 Re: Admins figuring out my RCON password

What powers are you giving them?

sm_cvar rcon_password

friagram · 10-30-2013 , 02:29 Re: Admins figuring out my RCON password

If you have it in your command line, you can view the process list and see the password, since you can see the command lines...

so if it's a shared box, that isn't maintained only by you, it's likely that someone that isn't an idiot will find it out easily. There's also protection against giving admins the rcon password, you're probably giving them too many flags.

sdz · 10-31-2013 , 16:44 Re: Admins figuring out my RCON password

Just comment out the "rcon_password" option in server.cfg.

404UserNotFound · 11-02-2013 , 17:13 Re: Admins figuring out my RCON password

The way I think my admins were finding it was through some method of the aforementioned "Exec cfg" option, but using it in command form to execute "server.cfg"

Since moving the password to the command line and removing it from server.cfg, I've not had any issues of rogue admins fucking with my server.

TnTSCS · 11-02-2013 , 17:39 Re: Admins figuring out my RCON password

Is there any real benefit to having rcon password if you have sourcemod installed?

pcmaster · 11-02-2013 , 18:24 Re: Admins figuring out my RCON password

Why don't you simply remove the Admins messing with your RCon?

hamilton5 · 11-02-2013 , 19:49 Re: Admins figuring out my RCON password

Quote:

real benefit to having rcon password if you have sourcemod installed?

yeah, I doubt it... I cant believe the guy is worried about his precious rcon pass and blindly handing out rcon and cvar access to his admins..

Visual77 · *Last edited by Visual77; 11-03-2013 at 03:39.*

Quote:

Originally Posted by hamilton5

yeah, I doubt it... I cant believe the guy is worried about his precious rcon pass and blindly handing out rcon and cvar access to his admins..

There's also this: https://forums.alliedmods.net/showthread.php?p=1414157 to block the output of sm_cvar rcon_password & sm_rcon rcon_password

But the basic rule is to never give your admins the h or the m admin-flag - then they shoudn't be able to find it unless you also gave them ftp

Fearts · 11-03-2013 , 17:32 Re: Admins figuring out my RCON password

Just use SMAC's Rcon plugin along with the ext and whitelist only your home IP (or any IPs that need to use Rcon). That way even if they know what it is they can't use it.