[Please don't cc me; I'm on the list] On 19/02/16 11:05, Roman wrote: > 2016-02-18 22:30 GMT+02:00 Richard Hector <rich...@walnut.gen.nz > <mailto:rich...@walnut.gen.nz>>: > > > > I think a better solution in the end is to generate a random password > for each box, and leave it, on paper, in a safe or similar. It's very > rare anyone needs to use it. > > > Here is a hint (joke), how to secure root password for servers that are > physically accessible. > Just generate a random password during install long enough to be not > able to remember it. Do not write it down, continue installation.
That's just a marginally less secure version of locking it :-) > At any given time you need the root session, just get the disk drive > from your server and connect it to another machine, then just replace > the hash to one you know password for in /etc/shadow. Place your drive > back and boot up. After you finish the work, change your root password > again to some crazy piece of random. > ... or just boot from usb/cd/floppy/tape/whatever :-) Richard
