Search code examples
linuxauthenticationuser-accountspasswd

How do I set a blank password for the root user in slitaz

I am running slitaz distro, and would like to completely remove the root password. I have tried giving a blank password to the passwd command, however that did not seem to do the trick. It gave me an error password was too short, ans it still asked me for a password when I ssh-ed in. The password was just hiting the "Enter" key.

UPDATE:
Perhaps it has to do with the fact that slitaz uses dropbear for ssh? Because even with a blank password for root in /etc/shadow, it still prompts for a password.

Solution

  • Do you really want to allow logins without a password? If so, try passwd -d root (see warnings below)

    ● Do you really want to have an empty password? echo root: | chpasswd or, if that is rejected, echo "root:$(mkpasswd -s </dev/null)" | chpasswd -e (see warnings below)

    ● For those coming here in search of a way to block password login for root, you have options:

    1. passwd -l root disables (locks), passwd -u root re-enables (unlocks) the root password.
    2. sshd option PasswordAuthentication no disables password authentification for all users (via ssh)
    3. sshd option PermitRootLogin no disables root login (via ssh)
    4. sshd option PermitRootLogin prohibit-password disables root login with password (via ssh)

    Notes and warnings:

    • ⚠️ Make sure you have a way to log in even if you accidentally lock your password. For example, a second user with full sudo access. (If you try to configure no / an insecure password, your system might actually lock you out.)
    • passwd -d root can allow for root login without password!
    • ⚠️ this is a terrible idea on systems connected to the internet. Don't do it except in an isolated host or network. An empty password is arguably worse.
    • that's why your system setup might still disallow logins without password (or with empty password) if you remove the password (or set it to the empty string). Especially via SSH.
    • SSH with public keys, and something ssh-agent is the way to go if you want the convenience of not repeatedly entering your password
    • SSH with public keys, and an unencrypted private key is the way to go if you want to run commands from remote scripts. There is a PermitRootLogin forced-commands-only sshd option; when set the remote script can only trigger specific commands that you need to configure on the server.

    Usually, passwords are usually saved in salted&hashed form in /etc/shadow. For more information, read the manpage with man shadow 5. Authentication can be blocked in the configuration of the SSH server (see man sshd_config) or in the OS's authentification system (see "PAM" - Linux Pluggable Authentication Modules).