The problem with mucking up your root password is that you have to shut down and reboot into single-user mode. Actually, that's not a problem; it's just annoying.
And it's doubly so because the computer/server in question is headless. That means it's just a computer box: no monitor, no mouse, no keyboard, no nuthin'. So I have to drag some parts over to it, connect them, and do all the fixing right there; I can't log in remotely to fix the problems.
My "learning experience" solution is to enable root login using ssh, but without a password. No password at all for root. This is a change, because I have always disabled root login using ssh. I have added, however, my main user account's public RSA key to the authorized keylist for root.
What this means is that while nobody can ever log in using ssh to the root account without the private key, I can ssh over the loopback from the user account after a 'regular' remote login. No root password is needed since the authorization is an encrypted random number that changes from moment to moment.
How awesome is that?
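A check for the setup described above, added here as an example and not part of the original post: it reads an sshd_config-style file for the effective `PermitRootLogin` value and counts root keys that are not restricted to the loopback addresses. The function names, the sample file contents and the `from="127.0.0.1,::1"` restriction are assumptions of this example; the post only says that root is reached by key over the loopback.

```shell
#!/bin/sh
# Added example: audit the root-over-loopback, key-only SSH setup described above.

# Effective global PermitRootLogin from an sshd_config-style file. sshd keeps
# the first value it reads per keyword; scanning stops at the first Match block.
# Assumes whitespace-separated keywords and no Include files. With no setting,
# OpenSSH 7.0+ defaults to prohibit-password.
effective_root_login() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
         END { if (!found) print "prohibit-password" }' "$1"
}

# Number of keys in an authorized_keys file that lack a from="..." option
# limited to the loopback addresses. Comments and blank lines are skipped.
unpinned_keys() {
    awk '/^[ \t]*(#|$)/ { next }
         $0 !~ /(^|,)from="(127\.0\.0\.1|::1)(,(127\.0\.0\.1|::1))*"[, ]/ { n++ }
         END { print n + 0 }' "$1"
}

# $1 = sshd_config, $2 = root's authorized_keys. Returns 0 ok, 1 fail, 2 warn.
audit_root_ssh() {
    mode=$(effective_root_login "$1")
    case $mode in
        prohibit-password|without-password) ;;
        *) echo "FAIL: PermitRootLogin=$mode, expected prohibit-password"; return 1 ;;
    esac
    n=$(unpinned_keys "$2")
    [ "$n" -eq 0 ] || { echo "WARN: $n root key(s) accepted from any host"; return 2; }
    echo "OK: root is key-only and pinned to loopback"
}

# Constructed sample files (key material is a truncated placeholder).
demo=$(mktemp -d)
printf '%s\n' '#PermitRootLogin yes' 'PermitRootLogin prohibit-password' \
    > "$demo/sshd_config"
printf '%s\n' '# main user key' 'ssh-rsa AAAAB3...constructed user@box' \
    > "$demo/open_keys"
printf '%s\n' 'from="127.0.0.1,::1" ssh-rsa AAAAB3...constructed user@box' \
    > "$demo/pinned_keys"
audit_root_ssh "$demo/sshd_config" "$demo/open_keys"   || true
audit_root_ssh "$demo/sshd_config" "$demo/pinned_keys" || true
```

On a real host the arguments would be `/etc/ssh/sshd_config` and `/root/.ssh/authorized_keys`; `sshd -T` prints the configuration the running binary actually resolves, including Match and Include handling this sketch skips.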
This entry was originally posted at http://fionnbharro.dreamwidth.org/433388.html.