5

On a server I control, I have disabled password logins (public key only), but still need to enter my password to access sudo. This is becoming cumbersome, as I use a long, automatically generated password. I find myself frequently having to copy/paste the password.

I gather that it's a Bad Idea to disable password checking for sudo (as it opens you to the threat of any script you run quietly sudoing in the background).

Would it therefore be reasonable to use a short, fairly weak password?

This particular system runs various (internet-accessible) web services, and can only be SSH'ed to through a gateway server (which is itself internet accessible).

Steve Bennett

4 Answers

11

You have already acknowledged that having no password is a bad idea due to the fact that your server can be accessible via the Internet. Without a sudo password, it means that you are relying on your public key authentication.

If a vulnerability were found in the authentication that allows an attacker to log in:

No sudo password

It means that your server would be compromised to a level where the attacker has total access. Obviously, this is no good.

Short password

Assuming that you don't quickly find out about the vulnerability, an attacker could attempt dictionary or brute-force attacks.

Conclusion

Having a decent-sized password would offer an extra layer of protection if your public key authentication failed. As Stephen pointed out in the comment section, you mentioned that the server is also running web services. This means that users of the services are also relying on your security. With the password, the attacker could easily edit your files to spread malware.

See this question for some thoughts about password length.

Simon
  • Or if one of the internet-accessible web services is compromised. – Stephen Touset Jul 09 '13 at 01:14
  • I completely omitted that point, I will add some thoughts about this in the answer, thanks. – Simon Jul 09 '13 at 01:17
  • Are there ways to dramatically slow down a brute force password attack, say by allowing one password attempt per minute? (This assuming attempts have to take place on the server itself...) – Steve Bennett Jul 09 '13 at 01:32
  • There are already some methods implemented by default to reduce the brute-forcing speed. For example, after entering a wrong sudo password, there will be some downtime until you can make another attempt. However, depending on how weak your password is, it could still be possible to brute-force it, but it would definitely take a long time. Your best bet here would be to simply use a long password. – Simon Jul 09 '13 at 01:39
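
As an added illustration of the "no sudo password" case Simon's answer warns about (example code, not from the thread): a POSIX shell audit that reads a sudoers-format file and counts user specifications granting NOPASSWD on ALL commands, separating them from NOPASSWD rules scoped to a single command. The sudoers sample, the user names and the command path are constructed for the demo.

```shell
#!/bin/sh
# Added example: audit a sudoers-format file for blanket passwordless sudo.
# The sample below is constructed for this demo; on a real host you would
# point the functions at /etc/sudoers and each file under /etc/sudoers.d/.

SAMPLE_SUDOERS=$(mktemp)
trap 'rm -f "$SAMPLE_SUDOERS"' EXIT
cat > "$SAMPLE_SUDOERS" <<'EOF'
# constructed sample, not a real host's configuration
Defaults        env_reset
Defaults        passwd_tries=3
root    ALL=(ALL:ALL) ALL
%sudo   ALL=(ALL:ALL) ALL
alice   ALL=(ALL) NOPASSWD: ALL
deploy  ALL=(root) NOPASSWD: /usr/bin/systemctl restart webapp
EOF

# Strip comments and blank lines so the matches below only see live rules.
live_rules() {
    grep -Ev '^[[:space:]]*(#|$)' "$1" || true
}

# Rules that let a user run ANY command without a password: this is the
# "no sudo password" configuration the answer advises against.
list_passwordless_all() {
    live_rules "$1" | grep -E 'NOPASSWD:[[:space:]]*ALL([[:space:],]|$)' || true
}

# Count of those blanket rules (prints 0 when the file is clean).
count_passwordless_all() {
    list_passwordless_all "$1" | grep -c . || true
}

# NOPASSWD rules limited to specific commands: still worth reviewing,
# but they do not hand out a full root shell without a password.
count_scoped_nopasswd() {
    live_rules "$1" | grep -E 'NOPASSWD:' \
        | grep -Evc 'NOPASSWD:[[:space:]]*ALL([[:space:],]|$)' || true
}

printf 'blanket NOPASSWD rules: %s\n' "$(count_passwordless_all "$SAMPLE_SUDOERS")"
printf 'command-scoped NOPASSWD rules: %s\n' "$(count_scoped_nopasswd "$SAMPLE_SUDOERS")"
list_passwordless_all "$SAMPLE_SUDOERS"
```

On the constructed sample the audit reports one blanket rule (alice) and one command-scoped rule (deploy).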

3

Passwords of 8 or more characters are easy to type and good enough, if you don't use a common word and use combinations of capitals, small letters, numbers and special symbols. Just 8-character passwords are the mandate in many corporate companies. Such companies also force users to change their passwords every 2-3 months. Brute-forcing an 8-character password (given that the password contains combinations of capitals, small letters, numbers and special symbols) will take more than a human lifetime with general systems, unless you are using supercomputers. Please read this for details: http://www.lockdown.co.uk/?pg=combi

1

Definitely, as long as it is a one-time password.

It is quite simple to add two-factor auth to any Linux service using pam_radius: http://www.wikidsystems.com/support/wikid-support-center/how-to/pam-radius-how-to.

nowen

0

Learn to use strong passwords and store them in something like KeePass.

Using this is usually not much slower than typing a weak password, and you can use 32+ character passwords with no problem.