2

What are the implications of changing the root password? Is there anything that will be affected? I'm using a private shared SSH key - I assume I do not need to change this as it is not tied to the root account password.

somejkuser

4 Answers

2

I won't say there are no implications on your system, as I have no idea what strange things you might have done, but I've never had any on mine. After all, it's just a password.

Of course, it might be easy to create systems where the root password is stored somewhere for some purpose, but I would consider this bad design to begin with.

And you are right, SSH keys don't need to be touched.

Sven
0

If you can't afford to risk it, then consider restoring your server from a backup, or if it's a virtual machine make a clone of it, and test resetting the password.

TessellatingHeckler
0

Not many aside from choosing a weak password.

If your system encrypts users' home directories, it is possible you could be in for a bad time if you then forget the new password.

Standard practice is to not give root access to services like ssh, and instead have users sudo for privilege; this means you can track who logged in with the escalated privileges.

0

If you log in as root by using an ssh key, then you don't need the password. I have multiple servers on which I have changed the root password to be a random string of characters which is not recorded anywhere.

Keys that are already authenticated through ~root/.ssh/authorized_keys will keep working after the root password has been changed. And if you always authenticate using a key, there is no need to know the password.

A couple of things to keep in mind:

  • Administrating the server locally rather than across the network becomes more troublesome if you don't know the root password, and may require you to reboot the server.
  • A random password known to nobody still has to be strong enough to not be possible to brute force.
  • You can configure the system such that there is no valid password at all. But if you do that pay close attention to the difference between:
    • permitting login without password
    • asking for a password but never accepting any
    • suspending the account

kasperd