
While installing Ubuntu I just gave the same password whenever it asked for a password, and I didn't bother to see whether it was the root password or the user password. Now I have only one user account on my system, so I didn't have to bother about types of passwords in any way.

But for some reason I shared the password with friends in the same LAN. Now they are able to establish an SSH connection without my consent.

So I thought of changing the password, thinking I could change it in a single place so that I can use the system in the same way with the new password. But as I looked into it, I came to know that I can change the password individually for root and the user.

So my doubts are:

  • Do I have to change the password separately for both root and user even if I use the same password?
  • If I use different passwords, when exactly do I use the user password? Only for user login?
  • Which password should I change to avoid SSH connections from others?
muru
  • 207,228

2 Answers

2

During installation of Ubuntu, you don't set any password for root; the account is disabled for logins and you also don't need it. You can check if that is the case:

sudo passwd -S root

-S, --status
Display account status information. The status information consists of 7 fields. The first field is the user's login name. The second field indicates if the user account has a locked password (L), has no password (NP), or has a usable password (P).

If the second field is an L, the account is locked and you don't need to do anything. If the second field has NP or P, you may want to lock it with this command:

sudo passwd -l root

See here for more information on why root is disabled by default in Ubuntu.

Then you can simply change your user password, and you're good.


Another option (or better, an additional measure) would be to change your SSH server's settings (in /etc/ssh/sshd_config):

PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes

Also check the ~/.ssh/authorized_keys file to see if your friends installed password-less authentication on your system. However, if you consider your "friends" could have installed some backdoor, you should follow @guiverc's advice ...

pLumo
  • 27,991
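
The three checks from the answer above (root password state, effective sshd settings, authorized_keys entries) as an added shell example that is not part of the original answer. The function names and sample data are constructed, and it reads `sshd -T` output rather than the file itself so that settings from included files are taken into account.

```shell
#!/bin/sh
# Added example; function names and all sample data below are constructed.
# On a real host:  sudo passwd -S root | root_pw_state
#                  sudo sshd -T | check_sshd
#                  list_keys ~/.ssh/authorized_keys

# Second field of `passwd -S`: L = locked, NP = no password, P = usable.
root_pw_state() {
    awk 'NR == 1 { print $2 }'
}

# Reads "keyword value" lines as printed by `sshd -T` (the effective settings
# after Include files are applied) and reports each of the answer's three
# settings that has a different value. Returns 0 only when all three match.
check_sshd() {
    awk '
        BEGIN { n = split("permitrootlogin=no passwordauthentication=no pubkeyauthentication=yes", want, " ") }
        { k = tolower($1) }
        !(k in got) { got[k] = $2 }    # sshd keeps the first value it sees
        END {
            for (i = 1; i <= n; i++) {
                split(want[i], kv, "=")
                v = (kv[1] in got) ? got[kv[1]] : "unset"
                if (v != kv[2]) { printf "%s is %s, want %s\n", kv[1], v, kv[2]; bad = 1 }
            }
            exit bad + 0
        }'
}

# Lists each entry of an authorized_keys file as "line: first-field last-field"
# (normally key type and comment) so entries you did not add stand out.
list_keys() {
    awk 'NF && $1 !~ /^#/ { print NR ": " $1, $NF }' "$1"
}

# Demo on constructed input.
printf 'root P 2024-01-01 0 99999 7 -1\n' | root_pw_state
printf 'permitrootlogin no\npasswordauthentication yes\npubkeyauthentication yes\n' |
    check_sshd || echo "sshd settings differ from the answer's recommendation"
```

After editing /etc/ssh/sshd_config the SSH service has to be restarted or reloaded before `sshd -T` and new connections reflect the change.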
0

By default, when installed there is no root password on Ubuntu, so unless one has been set, there never was one (it's originally an invalid password that is impossible to key in).

If a root password was set, it's been set after install (and they can be different; it's up to you), as at install only a user password is set (with sudo rights, so that user does have the ability to add a root password).

In your circumstance, I'd nuke your system and start again... as you cannot really know what was done (if they're any good, they'll have made tracks hard to follow for you I'm betting).

You can create your logins so they require keys (and not passwords), however I'd still start afresh via re-install.

guiverc
  • 33,561