Thread: change password of user "user"
View Single Post
Milhouse is offline Milhouse
2012-01-26 , 04:42
Posts: 3,401 | Thanked: 1,255 times | Joined on Nov 2005 @ London, UK
#6
Originally Posted by erdie View Post
Hi all,
is it allowed to give the user "user" a defined password or will this lead to issues?
Background: I am using ssh-server for file transfert and it would be nice to have the right permission instantly.
Allowed? Yes. Recommended? No (IMHO).

Adding a password to the user account increases the chance of your device being exploited by someone guessing or brute forcing the password, though how seriously you should take this potential threat is hard to determine without knowing your precise circumstances.

The best and most secure option is to unlock the user account ("passwd -u user" as root), leave the user account without a password (not a blank password, but no password) and then use only public/private keys for authentication when logging in as user.

Originally Posted by erdie View Post
Using root over ssh will cause problems if the user is goning to access them.
Since PR1.1, using ssh to login as root is no longer permitted, either with a password or public/private keys.