0

I've disabled root SSH login and I wanted to change my root password for a strong one.

I was logged in with an admin user and used the following:

sudo passwd root

I expected it to ask for my root password but it asked for my admin password and then I was able to change the root password.

Is that normal?

Does that mean that someone who can "hack" the admin user can change the root password without even knowing it?

I'm using Debian9 with VestaCP.

cyclone200
  • 125
  • 6

2 Answers2

1

That is how sudo works. I expect your admin user has sudo privileges. Since you are trying to execute passwd with super user privileges, sudo will ask you to provide the password of the admin user you are currently logged in with.

As long as the hacker doesn't have your admin user password, he cannot change the root password.

J. Pee
  • 42
  • 6
  • I see. Now, I understand why it is highly recommended to disable password login and only allow SSH Keys. Is that correct? – cyclone200 Jul 18 '18 at 20:13
  • 1
    It's up to you. Login with SSH key is probably more security oriented then simple passwords. But be careful with storing the private key. – J. Pee Jul 18 '18 at 20:18
0

sudo and other privilege escalation commands encourage using your personal user. Using a less privileged user where possible is safer for system integrity and security. Also, the personal user can be traced back to you, useful for auditing.

Speaking of auditing, you can track password changes. For example, forward syslog to a central location and parse it for passwd messages.

John Mahowald
  • 32,050
  • 2
  • 19
  • 34