No root password

As an experiment, have done without a root password, meaning that there is no way to obtain root via sudo or su, since if user cannot access the root account by cracking a password, neither could malware in theory.

This leaves the issue of getting root access directly. The resolution I have used is to open up the system virtual consoles, so they automatically login as root on startup.

All this assumes the console is as safe as the system unit, such as a desktop pc next to its own keyboard and not in a security cage, or otherwise users with console access could rip open the system unit.

  1. --- /etc/systemd/system/getty@.service.d/autologin-root.conf
  2. +++ /etc/systemd/system/getty@.service.d/autologin-root.conf
  3. @@ -0,0 +1,3 @@
  4. +[Service]
  5. +ExecStart=
  6. +ExecStart=-/sbin/agetty --noclear --autologin root %I $TERM

It also means leaving the debug shell permanently enabled on F9 is quite reasonable.

Actually Disabling the password

Now the password can be removed in /etc/shadow, line begins root:*: with the * meaning that there is no such thing as a correct password for this account, which is important as without it means that access to the account does not require a password without limit to the source of the logins.

I am usually using X11 via gdm3 which runs sessions as the regular user, and if wanting to use a VT as a regular, switch in with login -f

root in X11

A root X11 terminal is useful sometimes, I am using the property that GDM launched Xorg from the root account.

This needs to be set off from a root VT, or perhaps a systemd event triggered by a safe key, and when open, appears on the desktop. There is the possibility this could be attacked via the window manager; though only while the terminal and things ran from it are open.

I am regarding that as far more secure than any priviledge escalation, since it will be expected a virus can't issue a hotkey request unless it already has root access.

export DISPLAY=:0.0
export XAUTHORITY=/var/run/gdm3/auth-for-Debian-gdm-*/database
exec gnome-terminal

Or in use on Debian 9, note that Xorg runs as the less priviledged user so there may exist attacks on the root terminal, though only whilst it is open. One could run multiple X11 sessions, yet to be explored.

export XAUTHORITY=`echo /run/user/*/gdm/Xauthority | cut -d" " -f1`
export DISPLAY=:0
exec sakura

Getting remote root

This is an exception to the absolute control over root access given that cracking long ssh keys and good passphrases should be difficult.

If the source terminal in is the same - home pc (browse horizontal) or better trust zone (browse down) than the target (home server) then we need not use a passphrase on the key. If instead it is in a LESS trusted environment (i.e users pet laptop they take on holiday) accessing the administration jumpboxes (i.e. home server) then that is browse-up so the key gets protected with a long passpoem for that hop

This is closing in on SSH public key and sometimes vlan and cec access.

Since encryption only provides difficult to crack and not mathematically impossible, it could be combined with impossible (if configured correctly) separation via protected channel flags like vlan or priority bits.

in sshd_config_example have used

Removing all priviledge escalation possibilties

It seems more secure to decend from root and lock oneself in, than to allow escalate privileges, so take applications like sudo off the system, ignoring the warning about not having a root password!

You have asked that the sudo package be removed, but no root password has been set. Without sudo, you may not be able to gain administrative privileges.

If you would prefer to access the root account with su(1) or by logging in directly, you must set a root password with "sudo passwd".

If you have arranged other means to access the root account, and you are sure this is what you want, you may bypass this check by setting an environment variable...

Having read the warning, can export the environment variable and then remove sudo.