Can I get a over view of Ubuntu's sudo command and root user password?
 

Hi. I have very limited experience with ubuntu. I just decided to keep a version of Ubuntu handy for use and installed Bionic Beaver. My question is how does Ubuntu compare to Distros that have root user passwords? Doesn't the system need one for file permissions and security?If I get a SSH break in do they only have to guess my user password?

Thank your for your expertise!

Not having a root password tends to be a bit more secure since people will not login to a shell as root and leave it open and then accidentally run a command in it they meant for another terminal.
You can set a root password in Ubuntu and use the system that way, just the same as you could remove the root password in another distro.

With or without root, you can run commands with the sudo command so it gets run at root level access.
runs the apt update command with root level permissions.

Most services will run with just the permission they need and usually with a special user account (also without a password), so they do not need root to start like things did years ago.

If they have broken in to a user that has sudo rights, they don't need the password. They are already inside, with full privileges.

When root has a password, a potential attacker needs to guess the password. When not, the attacker needs to guess both the account name and the password. I suppose the former is a bit more secure. This resembles the recommendation to change the name of the Windows admin account to something else than administrator.

On the other hand, you could just disable ssh to root, so that the above point becomes moot.

There is also key authentication for SSH, but it's a tiny bit more involved.
It does away with password queries and instead compares your own personal private cryptographic key instead.
You generate a keypair, never share the private key, and then upload/copy your public key into your target, and then things get negotiated like that.

An attacker would need your private key file then to log in.

This article seems to be a pretty good overview: https://www.howtoforge.com/tutorial/...ginners-guide/

Only if sudo has been misconfigured, as it is by default on most distros. :(

Disabling root login from SSH is always a good move and that includes disabling SSH login for regular accounts that have excessive permissions via /etc/sudoers.

I'm not sure I understand this reply:
isn't the answer to OP's question "If I get a SSH break in do they only have to guess my user password" (to get full root access to the system)? clearly YES?
I know that sudo can be configured differently, but on most systems one can run any command (requiring root privileges) with sudo, no? Over ssh, too!
So that means ssh into user account => user password cracked => full system access, no? Regardless of how or whether the root account is configured.

EditL My comments were incorrect in the ordinary course, so deleted not to mislead.

I remember that someone in an earlier thread recommended having two user accounts for distros that give the first user full sudo rights. The second account should not have any opportunity to gain privileges and should be the only account used online.

But I must admit I don't do this myself. It seems like overkill.

The actual reason I posted this question is because I don't use a long password for my personal login and Ubuntu will do anything if you put a sudo in front of the command. So if an attacker breaks into Ubuntu using a regular user account,do they just have to put sudo in front of a command? Please disregard this if it has been answered already.Edit: It looks like this has been answered but it seems pretty stupid if this can be done so it makes me doubt it.:confused:

It has to be your user account, the one created at install, as far as I know the ubuntu's do not generate password-less sudo for any account created later.
Of course for me in Slackware sudo is never password-less, in fact it isn't even enabled by default, you have to edit the sudoers file first (using real root).

I always have separate accounts for root and my user.
My user never has sudo.

Also, if this is a personal system and not a remote server, never install sshd server either.
If you do need remote access, ensure it's ONLY for your non-root user (& never allow sudo, as above).

I'd say instead to never allow misconfigured sudo. sudo, when done in a reasonable manner, can be quite useful and at the same time compartmentalize access.

Well, yes, but I'm thinking of my personal PC, on which I am the ONLY user.
If I need elevation, I 'su -' and root passwd.

Needless to say, passwds for both my accts are non-trivial ;)

In fact some basic stuff can be configured through sudo, but its very difficult to stop people breaking out if they try hard enough.

For shared servers, it's handy to enforce sudo for all to ensure logging (& ofc off-load logs immediately etc etc ) - here we get in to a whole can of worms about security - overkill for this conversation.

I think the solution to this is pretty obvious:
Use a longer password.

But, more importantly: Use ssh keys only for ssh access. Because that is much safer than any password. Disallow password login over ssh. Also disallow root ssh access completely, if that wasn't mentioned already.