set up a root password
cary at bielenberg.id.au
Tue Aug 5 22:44:52 UTC 2008
I have 16 Ubuntu servers on my network & I enable the root password, but
I do disable ssh logon to the boxes as root though. My rationale is it
is a PIA to sudo every time I want to do anything. Also as I install
Webmin on my boxes it makes it hard to make changes without root access.
Nigel Henry wrote:
> On Tuesday 05 August 2008 21:30, Derek Broughton wrote:
>> Nigel Henry wrote:
>>> and find myself entering my usual root password,
>> tsk, tsk... :-)
> Yes, I know, I know. Probably my situation is a bit different to most users in
> that I have more than 20 distros installed on my 3 machines. Not having a
> photographic memory, and not wanting to set up different root passwords for
> all of them, and having to consult a notebook for the password every time I
> boot up a distro, and want to get root access, I find myself with one root
> password. Yes I should change it from time to time just in case.
> Being on dialup, with dynamic IP addresses, and not running any Internet
> accessible servers, I'm sort of kidding myself that all is ok, but perhaps
> could be more security conscious.
>>> Personally I believe that having a separate root password (which I would
>>> expect to be more complex, than a plain old user one) is a good idea,
>> Not if you're using a "...usual root password".
> In my case yes, as I use the same root password for all distros. Not a good
> idea to be sure,
>>> on most of my distros, and does give an extra step that a potential
>>> hacker has to go through to get into your machine, but I suppose if they
>>> are determined to get in, they will find a way.
>> It doesn't give an extra step. They already _know_ the user name, they
>> only have to guess your password. Why would it be more complex than a
>> "plain old user one"? Passwords are as complex as the user makes them, and
>> if the user is the sole administrator, the user password is likely to be
>> exactly as complex as the root password.
> I'm comparing many other distros here that have a separate root password. The
> hacker may know your user name, and perhaps the password is a simple one.
> With Ubuntu/Kubuntu the hacker can now try sudo with the user password that
> he has discovered, and is into the inner works of the machine.
> With other distros, the potential hacker may well find your user password, but
> then has to find the root password to gain access to the machine, unless he
> just wants to mess with your user space. I would always suggest creating a
> non dictionary based password to gain access to root, but can't see your
> usual Ubuntu/Kubuntu user creating some complex non dictionary based password
> to login to Gnome/Kde, thus making it more difficult for a potential hacker
> to gain access.
> This is not any criticism of Ubuntu/Kubuntu. I'm happy to work with it as is,
> and as regards my root passwords for my other distros, I must get around to
> changing them from time to time.
> These are serious, but at the same time lighthearted comments. No flame
> intended, just observations.