ssh and remote sudo not hiding password

Smoot Carl-Mitchell smoot at
Fri Nov 13 19:33:41 UTC 2009

On Fri, 2009-11-13 at 13:43 -0500, Hal Burgiss wrote:
> On Fri, Nov 13, 2009 at 10:49:24AM -0400, Derek Broughton wrote:

> > Nevertheless, you're recommending insecure practices to somebody who clearly 
> > doesn't have much of an idea why it _would_ be insecure.  Not nice.
> a) Its not insecure. There are any number of Unix like systems
> (all the *BSD's I believe?) that have root accounts with passwords. 

I agree with Hal.  Root password per se are not insecure.  Personally, I
find using sudo more convenient, but there are different ways to handle
security.  It all depends on what you want to protect and how valuable
it is.  On server systems I usually have a valid root password, since
if, say, I have LDAP authentication and the network goes south and
prevents me from authenticating normally via LDAP, then I can login as
root on the console which is a lot better than rebooting the system to
gain access.

The Ubuntu folks made an engineering decision to not have a root
password.  I think it as a good choice for a desktop OS as it avoids the
confusion of having two password to remember.  Being a Unix like system
that choice can always be changed and easily customized by the system
Smoot Carl-Mitchell
Computer Systems and
Network Consultant
smoot at
+1 480 922 7313
cell: +1 602 421 9005

More information about the ubuntu-users mailing list