Remove root password

Printable View

06-18-2008
amit4g

Remove root password

Hi,

I have one linux machine on which i want to delete the root password.
My aim is to issue some commands(mostly which require root priviledge) from remote machines and for which i'm thinking of issuing rsh(not the kerberos rsh) from remote machines.
i.e.
[user@remote] /usr/bin/rsh <target machine> -l root <some command>

To achieve the same, i did:
[root@target] passwd -d root
[root@target] service sshd restart

After this i checked the /etc/shadow file on <target machine> and it
entry was removed, but still the target machine prompts for password
and as i've already deleted the password, hence even if i provide the
correct last password, it doesn't work ;(

[user@remote] /usr/bin/rsh <target machine> -l root "/usr/bin/date"
root@<target>'s password:
Permission denied, please try again.

what am i missing.
i know i can setup password less ssh, but why *this* not working.
i remember being able to do this on HP-UX 11iV3 Successfully, only instead
of 'rsh', i had 'remsh'

~amit
07-01-2008
geniuz

I think it REALLY isn't smart removing your root password, I don't even think it's easily possible in linux. Think about it, your server would be an open door to hackers --.--'
07-01-2008
bigtomrodney

Are you using ssh keys? If they were generated with passwords that could be the issue. EDIT - Oops I see you are using rsh rather than ssh.

I would like to second what geniuz has said - this is a really bad idea. Especially because you are using rsh which is insecure in itself. I would think the inconvenience far outweighs having a wide open server waiting to be rooted. Would you consider using sudo with a regular user, and instead encrypt roots password so no one has it?
07-02-2008
i92guboj

I would install ssh and setup dsa key pairs as suggested. Then you can login without a passwods securely as long as you have the public part of the key on the remote places (you can carry it on an usb stick, a floppy or whatever).

If you run an rsh open to the world without a passwords, you are screwed. Lots of bots roam the internet and are continuously trying for logins on remote machines, and they would hit you in no time.
07-02-2008
SagaciousKJB

Well, if you really want a passwordless root account, I'm pretty sure that if you edit the /etc/passwd file in the following way it will allow you to just hit enter at the password prompt and succeed with a login.

Code:

root:x:0:0...

Where "x" ( or whatever it may be ) is, simply delete it and leave it blank. In all my experiences, this has enabled me to login locally without a pass, but I've never tested it remotely.

Now, aside from this, there's another issue. If you're trying to avoid the prompt for the password, I don't believe there is anyway to do that at all. You can manage it with ssh by using keys and disabling password authentication like others have mentioned.
07-03-2008
i92guboj

Quote:

Originally Posted by SagaciousKJB

Now, aside from this, there's another issue. If you're trying to avoid the prompt for the password, I don't believe there is anyway to do that at all. You can manage it with ssh by using keys and disabling password authentication like others have mentioned.

You can if you are brave enough.

Most graphical login managers will allow you to auto-login. You can do so in the console as well, there are many approaches. A famous one is using mingetty instead of agetty.