This is not for the faint of heart. In this one, I gleefully tell you how to enable password-less sudo.

KGIII

Well-Known Member
Credits
8,182
Yup... I really don't feel like typing my password every time, so I completely disable it.


Now, you'll still need a password to login. You'll still need to type passwords when it's a GUI instance. This only removes the need to type the password in the terminal. It may also cause some conflicts elsewhere.

If you are going to do this, you should probably also have an encrypted drive. I figure if they can get by my drive encryption, them being able to type sudo without a password is the least of my concerns. So, I just get rid of it. I would not suggest doing this unless your very specific use case means this makes sense to you.
 


f33dm3bits

Gold Member
Gold Supporter
Credits
12,774
I use password-less sudo for my mediabox running, kodi. Runs nothing but an OS and there are no local files, I could use sshkeys to then login directly as root but I find password-less sudo appropriate for this setup.
 
Last edited:

KGIII

Well-Known Member
Credits
8,182
There are times where it makes sense and is perfectly fine to do so. I surely wouldn't do this on a production server that's out on the public web, even with SSH requiring a key or anything like that.

At home? On a box that has a drive encrypted? Living in a very rural area? Yeah, it's all good.

Heck, I can have guests enabled on my wifi and not have to worry. If you're within range of my wireless, you're on my lawn or porch. The nearest neighbors are at least a half mile away, just to their driveways.
 

f33dm3bits

Gold Member
Gold Supporter
Credits
12,774
For that system I have password authentication disabled so I force sshkey based authentication and only one user can login, as well as it only mounts readable network shares.
 

KGIII

Well-Known Member
Credits
8,182
For that system I have password authentication disabled so I force sshkey based authentication and only one user can login, as well as it only mounts readable network shares.
Yup. It's so much more secure without password login being enabled.

One of the key takeaways from this is one of my favorite sayings, "Security is a spectrum." I don't say that as often as I say, "Security is a process, not an application." Still, I say it remarkably often.

One end is keeping everything on paper with physical security and no computer at all. The other end is a Windows XP box running passwordless as a public-facing server with your banking data on it.

Or something like that.

Where does one want to be on this spectrum and what trade-offs will you make to get your job done? These are conscious choices that *should* be made by end users, sys admins, IT staff, etc...
 

Members online


Latest posts

Top