LinuxQuestions.org

Can I get a over view of Ubuntu's sudo command and root user password? (https://www.linuxquestions.org/questions/linux-newbie-8/can-i-get-a-over-view-of-ubuntus-sudo-command-and-root-user-password-4175667275/)

ehartman 01-11-2020 05:58 PM

Quote:

Originally Posted by ondoho (Post 6076990)
Disallow password login over ssh. Also disallow root ssh access completely, if that wasn't mentioned already.

I normally use "PermitRootLogin prohibit-password" so that other PCs in my local net can use ssh root (with key access) to access backup storage on my main machine.
That one has an eSATA docking station for backup disks and a SCSI interface to a tape changer drive. So when everything is made ready the previous evening I can go to sleep and the next morning the backups are ready (cron scripts do the work).
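
A way to confirm which root-login and password settings an sshd_config actually yields, shown as an added example that is not part of ehartman's post. The sample config is constructed, and the script assumes a single file without Include directives and upstream OpenSSH defaults for absent keywords.

```shell
#!/bin/sh
# Added example: read the global PermitRootLogin / PasswordAuthentication values.
# Assumptions: a single file (no Include), "Keyword value" separated by blanks,
# and upstream OpenSSH defaults when a keyword is absent.

sshd_value() {        # usage: sshd_value KEYWORD DEFAULT < sshd_config
  awk -v key="$1" -v def="$2" '
    /^[ \t]*(#|$)/              { next }                      # comments, blanks
    tolower($1) == "match"      { exit }                      # conditional part
    tolower($1) == tolower(key) { val = tolower($2); exit }   # first value wins
    END { print (val != "" ? val : tolower(def)) }
  '
}

audit_root_ssh() {    # usage: audit_root_ssh FILE
  root=$(sshd_value PermitRootLogin prohibit-password < "$1")
  pass=$(sshd_value PasswordAuthentication yes < "$1")
  case $root in
    no)                   how="root cannot log in" ;;
    prohibit-password|without-password)
                          how="root: password and keyboard-interactive disabled" ;;
    forced-commands-only) how="root: keys with a forced command only" ;;
    *)                    how="root: any enabled authentication method" ;;
  esac
  note=""
  grep -Eiq '^[[:space:]]*match[[:space:]]' "$1" && note=" [Match blocks may override]"
  printf 'PermitRootLogin=%s (%s); PasswordAuthentication=%s%s\n' \
    "$root" "$how" "$pass" "$note"
}

sample=$(mktemp)      # constructed sample config, not from a real host
cat > "$sample" <<'EOF'
# Keywords are case-insensitive and the first value obtained is used.
PermitRootLogin prohibit-password
PasswordAuthentication no
permitrootlogin yes
Match Address 192.168.1.0/24
    PasswordAuthentication yes
EOF
audit_root_ssh "$sample"
```

On a live host, `sshd -T` prints the configuration sshd itself resolves.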

theKbStockpiler 01-11-2020 07:33 PM

Thank you for the great replies!
 
Why was sudo created? What problem did it solve? Does it only make more than one root on a system and that is it plus it keeps the real root's password protected? :confused:

Turbocapitalist 01-11-2020 11:28 PM

Quote:

Originally Posted by theKbStockpiler (Post 6077312)
Does it only make more than one root on a system and that is it plus it keeps the real root's password protected? :confused:

No. Please re-read post #6 above. If you need a long-form explanation get Michael W Lucas' book, sudo Mastery, 2nd edition or his online presentation, "sudo: You're Doing It Wrong".

hazel 01-12-2020 03:33 AM

Quote:

Originally Posted by theKbStockpiler (Post 6077312)
Why was sudo created? What problem did it solve?

It solves one problem common in offices: what happens when the sysadmin goes on leave?

She has a team of course, one or two people who know enough to manage the machine without her for a couple of weeks and deal with users' problems on a day-to-day basis. But she doesn't trust them to do really fundamental things like full system updates and in any case she can't give them her password, because once a second person knows a password, in principle everyone knows it!

So she gives them sudo rights to a range of commands that will allow them to keep the system ticking over smoothly while she's away but not allow them to do anything catastrophic. Because that's the thing about sudo: not only does it give root access without the root password but it can be used to give access to specific commands and not others.

I think it was Knoppix that first used sudo as a general go-to-root command that could be used for any purpose. Then Ubuntu popularised the idea for installed systems.

yancek 01-12-2020 11:07 AM

A brief history of 'sudo' at the link below. As you can see it pre-dates Ubuntu and Linux. Ubuntu documentation on the use of sudo on Ubuntu with the pros and cons is at the 2nd link below.

https://www.linux.com/tutorials/linu...oduction-sudo/

https://help.ubuntu.com/community/RootSudo

rnturn 01-12-2020 12:25 PM

Quote:

Originally Posted by theKbStockpiler (Post 6076317)
The actual reason I posted this question is because I don't use a long password for my personal login

Long passwords don't have to be a pain in the neck. See xkcd's "Password Strength" toon for one method of making memorable long passwords. Much better than the mainframe/supermini passwords we were assigned years ago that looked like modem line noise which guaranteed they'd be written down somewhere near each user's desk. (And security policy mandated that we get new ones every three months---right about the time you finally memorized the previous password.)

Quote:

... and Ubuntu will do anything if you put a sudo in front of the command.

I'm not an Ubuntu user but I have yet to encounter a system that disallowed "sudo /bin/bash" which lets you be root for as long as you wanted to. On openSUSE I'm at least required to enter root's password to do this (unless the issuer is in the 'wheel' group). I can only guess that, on a distribution using a password-less root account, that command lets you right in.

As for the SSH issue, check the contents of "/etc/securetty"... if that's used on Ubuntu. It's supposed to contain a list of places where 'root' is allowed to log in directly. (Usually this file lists all the virtual consoles ('tty1' through 'tty6'). On some systems, it would also contain 'console'.)

Cheers...
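
The difference discussed in this thread, between sudo rights limited to specific commands (hazel's post) and a rule that permits `sudo /bin/bash` (rnturn's post), can be checked mechanically. The script below is an added example, not code from any poster; the sudoers rules, user names and alias names are constructed, and it assumes a single file with aliases defined before they are used.

```shell
#!/bin/sh
# Added example: flag sudoers rules that amount to an unrestricted root shell.
# Simplifications: one file, no #include, aliases must be defined before use.

audit_sudoers() {   # reads FILE (or stdin); prints "who<TAB>reason" per finding
  awk '
    function risky(cmds,   n, i, c, w, p) {
      n = split(cmds, c, ",")
      for (i = 1; i <= n; i++) {
        gsub(/^[ \t]+|[ \t]+$/, "", c[i])
        while (sub(/^[A-Z_]+:[ \t]*/, "", c[i])) ;   # strip tags (NOPASSWD: ...)
        split(c[i], w, " "); p = w[1]
        if (p == "ALL") return "any command (ALL)"
        if (p in bad) return "alias " p ": " bad[p]
        if (p ~ /\/(sh|bash|dash|zsh|su)$/) return "root shell via " p
      }
      return ""
    }
    {
      if (sub(/\\$/, "")) { buf = buf $0; next }     # join continued lines
      line = buf $0; buf = ""
      sub(/^[ \t]+/, "", line)
      if (line == "" || line ~ /^#/ || line ~ /^Defaults/) next
      eq = index(line, "="); if (!eq) next
      lhs = substr(line, 1, eq - 1); rhs = substr(line, eq + 1)
      split(lhs, f, " ")
      if (f[1] == "Cmnd_Alias") { why = risky(rhs); if (why != "") bad[f[2]] = why; next }
      if (f[1] ~ /_Alias$/) next                     # User_/Host_/Runas_Alias
      sub(/^[ \t]*\([^)]*\)/, "", rhs)               # drop the (runas) part
      why = risky(rhs)
      if (why != "") printf "%s\t%s\n", f[1], why
    }
  ' "${1:--}"
}

sample_sudoers() {  # constructed sample, not taken from any real system
  cat <<'EOF'
Cmnd_Alias UPKEEP = /usr/bin/systemctl restart cups, /usr/sbin/lpadmin
Cmnd_Alias SHELLS = /bin/sh, /bin/bash
%helpdesk ALL = (root) UPKEEP
alice     ALL = (ALL:ALL) ALL
bob       ALL = (root) /bin/bash
carol     ALL = (root) NOPASSWD: /usr/sbin/lpadmin, \
                SHELLS
EOF
}

sample_sudoers | audit_sudoers
```

Only the `%helpdesk` rule passes: it names specific commands, while the other three give the holder a root shell directly or through an alias.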

ehartman 01-12-2020 04:40 PM

Quote:

Originally Posted by rnturn (Post 6077555)
I have yet to encounter a system that disallowed "sudo /bin/bash" which lets you be root for as long as you wanted to.

On my older machines sudo isn't even installed and anyway, it isn't configured by default in Slackware (which then a real root has to do).
On my working machine I do have it configured to do those "one command things" it isn't worthwhile becoming root for.

PS: the command sudo -i is much shorter and simpler than the one you mentioned, explicitly naming the shell (or others like sudo su). From the man page:
Quote:

-i, --login
Run the shell specified by the target user's password database entry as a login shell. This means that login-specific resource files such as .profile, .bash_profile or .login will be read by the shell. If a command is specified, it is passed to the shell for execution via the shell's -c option. If no command is specified, an interactive shell is executed. sudo attempts to change to that user's home directory before running the shell. The command is run with an environment similar to the one a user would receive at log in.

BTW: you can disable this by denying that user access to the shell. Of course this is a bit difficult for the root user, so that's one of the reasons why using sudo for all commands (and destination user IDs) is not that good an idea.

hazel 01-13-2020 06:03 AM

Quote:

Originally Posted by rnturn (Post 6077555)
Long passwords don't have to be a pain in the neck. See xkcd's "Password Strength" toon for one method of making memorable long passwords. Much better than the mainframe/supermini passwords we were assigned years ago that looked like modem line noise which guaranteed they'd be written down somewhere near each user's desk. (And security policy mandated that we get new ones every three months---right about the time you finally memorized the previous password.)

There's a well-known principle here that probably has a name, but I don't know what it is: any attempt to make things more secure will probably end up making them less secure. Someone I once worked with had worked for GCHQ during the war. There was one room in their building which was supposed to be kept locked and which could only be opened with a key that was kept in a locked wall box. You checked out the key for that at the main desk. Of course what happened was that no one ever locked that door because it was such a pain to open it.

friefl 01-13-2020 06:42 PM

Quote:

Originally Posted by rnturn (Post 6077555)
Long passwords don't have to be a pain in the neck. See xkcd's "Password Strength" toon for one method of making memorable long passwords. Much better than the mainframe/supermini passwords we were assigned years ago that looked like modem line noise which guaranteed they'd be written down somewhere near each user's desk. (And security policy mandated that we get new ones every three months---right about the time you finally memorized the previous password.)

It is also arguable that a home user should (if not using a password manager) generate complicated passwords then write them down on a piece of paper and stick it in their desk drawer. When was the last time someone broke into your house, and then inspected and stole some paper? I think it at least as important that one never re-use a password; although I am drifting off topic here.


All times are GMT -5.