Solved Creating a blank password for root

B

balanga

I'm struggling to find a way of creating a blank password for root from the cmd line and would be interested in any ideas. Just to explain what I mean by a blank passwd.... ie pressing [enter] twice after entering passwd. This actually creates a password for root. It means you get a password prompt when logging in, whereas you don't if you never run passwd. I thought that pw usermod -n root -w none would do it, but unsets any existing password.

I need the password set to be able to use ssh(). If it's not set I can't login.
 
balanga said:
I'm struggling to find a way of creating a blank password for root from the cmd line and would be interested in any ideas. Just to explain what I mean by a blank passwd.... ie pressing [enter] twice after entering passwd. This actually creates a password for root. It means you get a password prompt when logging in, whereas you don't if you never run passwd. I thought that pw usermod -n root -w none would do it, but unsets any existing password.

I need the password set to be able to use ssh(). If it's not set I can't login.
Click to expand...
Why? Just left root password as normal. You setup a user with sudo or doas right on the server. Then on your computer you use ssh-keygen and then ssh-copy-id (same syntax as normal ssh), enter your password for the remote user once then just ssh as normal, no password needed, when you have your shell promt just use sudo or su.
 
Phishfry said:
Although this is a terrible idea you can set it to use root with no password.
/etc/ssh/sshd_config
Code: 
PermitRootLogin without-password
Click to expand...

You sure about this?

Maybe other options need to be set in addition, but that one on it's own doesn't work here.
 
balanga said:
You sure about this?

Maybe other options need to be set in addition, but that one on it's own doesn't work here.
Click to expand...
Do you ever consider my ssh key pair method above? Please let me know.
 
blackdog said:
Do you ever consider my ssh key pair method above? Please let me know.
Click to expand...

Is it scriptable? I'm trying to create an unattended installation of FreeBSD, and want to be able to be able to login to see if everything is working as it should be.
 
balanga said:
Is it scriptable? I'm trying to create an unattended installation of FreeBSD, and want to be able to be able to login to see if everything is working as it should be.
Click to expand...
I don't know because I've never tried to script it. The steps I done here: On the machine you're using, run ssh-keygen first. Then use ssh-copy-id like this example: ssh-copy-id -p 2222 blackdog@127.0.0.1 (I'm using VirtualBox NAT Portwarding, forward guest port 22 to host port 2222 with TCP protocol). It will ask your password for the remote user once and only once (in this example is blackdog). After you accepted to add the host to known_hosts and entered your password for the remote user the next time you login using ssh -p 2222 blackdog@127.0.0.1 it will just return the remote user's shell :)
 
I ship systems with service/recovery disk images, which, once dd'ed onto an USB stick, can be used for me accessing the system via call home VPN and ssh. Those images don't have a root password set. The sshd_config has only 5 additional lines (everything else has been left untouched):
Code: 
...
UseDNS no
UsePAM no
PermitRootLogin yes
PermitEmptyPasswords yes
PasswordAuthentication yes

Note, this is only for service cases, and the system won't have a direct connection to the internet. During the service there is only a VPN directly to my server.
 
obsigna said:
I ship systems with service/recovery disk images, which, once dd'ed onto an USB stick, can be used for me accessing the system via call home VPN and ssh. Those images don't have a root password set. The sshd_config has only 5 additional lines (everything else has been left untouched):
Code: 
...
UseDNS no
UsePAM no
PermitRootLogin yes
PermitEmptyPasswords yes
PasswordAuthentication yes

Note, this is only for service cases, and the system won't have a direct connection to the internet. During the service there is only a VPN directly to my server.
Click to expand...
Why add `UseDNS no` and `UsePAM no`?
It shouldn't be necessary.
 
You must log in or register to reply here.
Back
Top