Ridding myself of root passwords?

S. Dale Morrey sdalemorrey at gmail.com
Mon Feb 3 11:52:27 MST 2014


Ahh ok,

I misunderstood the without-password to mean they can login without a
password.
Guess that makes more sense.  I can't imagine a situation except for
possibly embedded and not connected to the internet that you would want
root to login without a password.


On Mon, Feb 3, 2014 at 11:48 AM, Lonnie Olson <lists at kittypee.com> wrote:

> On Sun, Feb 2, 2014 at 4:55 PM, S. Dale Morrey <sdalemorrey at gmail.com>
> wrote:
> > Has anyone here managed to completely eliminate a root password once it's
> > set?
> > I setup a server to be certificate auth for SSH.  But I seem to still be
> > able to SSH in with a password too.
>
> /etc/ssh/sshd_config
> PermitRootLogin no  # root cannot login at all
> or
> PermitRootLogin without-password  # root can only login via SSH keys
>
> Or go a step further and lock the user root completely and rely on
> sudo for privilege escalation.
> usermod -L root
>
> --lonnie
>
> /*
> PLUG: http://plug.org, #utah on irc.freenode.net
> Unsubscribe: http://plug.org/mailman/options/plug
> Don't fear the penguin.
> */
>


More information about the PLUG mailing list