set up a root password

Cary Bielenberg cary at bielenberg.id.au
Tue Aug 5 22:44:52 UTC 2008


I have 16 Ubuntu servers on my network & I enable the root password, but 
I do disable ssh logon to the boxes as root though. My rationale is it 
is a PIA to sudo every time I want to do anything. Also as I install 
Webmin on my boxes it makes it hard to make changes without root access.


Cary

Nigel Henry wrote:
> On Tuesday 05 August 2008 21:30, Derek Broughton wrote:
>   
>> Nigel Henry wrote:
>>     
>>> and find myself entering my usual root password,
>>>       
>> tsk, tsk... :-)
>>     
>
> Yes, I know, I know. Probably my situation is a bit different to most users in 
> that I have more than 20 distros installed on my 3 machines. Not having a 
> photographic memory, and not wanting to set up different root passwords for 
> all of them, and having to consult a notebook for the password every time I 
> boot up a distro, and want to get root access, I find myself with one root 
> password. Yes I should change it from time to time just in case.
>
> Being on dialup, with dynamic IP addresses, and not running any Internet 
> accessible servers, I'm sort of kidding myself that all is ok, but perhaps 
> could be more security conscious.
>
>
>   
>>> Personally I believe that having a separate root password (which I would
>>> expect to be more complex, than a plain old user one) is a good idea,
>>>       
>> Not if you're using a "...usual root password".
>>     
>
> In my case yes, as I use the same root password for all distros. Not a good 
> idea to be sure, 
>   
>>> as
>>> on most of my distros, and does give an extra step that a potential
>>> hacker has to go through to get into your machine, but I suppose if they
>>> are determined to get in, they will find a way.
>>>       
>> It doesn't give an extra step.  They already _know_ the user name, they
>> only have to guess your password.  Why would it be more complex than a
>> "plain old user one"?  Passwords are as complex as the user makes them, and
>> if the user is the sole administrator, the user password is likely to be
>> exactly as complex as the root password.
>>     
>
> I'm comparing many other distros here that have a separate root password. The 
> hacker may know your user name, and perhaps the password is a simple one. 
> With Ubuntu/Kubuntu the hacker can now try sudo with the user password that 
> he has discovered, and is into the inner works of the machine.
>
> With other distros, the potential hacker may well find your user password, but 
> then has to find the root password to gain access to the machine, unless he 
> just wants to mess with your user space. I would always suggest creating a 
> non dictionary based password to gain access to root, but can't see your 
> usual Ubuntu/Kubuntu user creating some complex non dictionary based password 
> to login to Gnome/Kde, thus making it more difficult for a potential hacker 
> to gain access.
>
> This is not any criticism of Ubuntu/Kubuntu. I'm happy to work with it as is, 
> and as regards my root passwords for my other distros, I must get around to 
> changing them from time to time.
>
> These are serious, but at the same time lighthearted comments. No flame 
> intended, just observations.
>
> Nigel.
>   
>> --
>> derek
>>     
>
>   