Disable sudo-password

[stefanmz]

Hey, how can I disable sudo password on Linux on my Steam Deck so no one can ssh into it? I want to set it back to its default state where there is no password and no ssh access?

[Eigenvektor]

Just stop the SSH service and remote login is no longer possible.

 

# this stops the ssh service
sudo systemctl stop sshd

# this prevents it from starting again after a reboot
sudo systemctl disable sshd

[stefanmz]

1 hour ago, Eigenvektor said:

Just stop the SSH service and remote login is no longer possible.

 

# this stops the ssh service
sudo systemctl stop sshd

# this prevents it from starting again after a reboot
sudo systemctl disable sshd

ok thanks a lot! So there is no actual way to disable sudo password? Just curious. I will definitely disable ssh though  thanks a lot!

[Applefreak]

18 minutes ago, stefanmz said:

ok thanks a lot! So there is no actual way to disable sudo password? Just curious. I will definitely disable ssh though  thanks a lot!

Just change the password. You could remove admin rights but that will either lock you out completely or destroy the install. Either way you are better off by either disabling SSH, changing passwords or have only certain MAC addresses allowed to access the machine. 

[Ralphred]

6 hours ago, stefanmz said:

So there is no actual way to disable sudo password?

Yeah, there is. Sudo has been defanged by by modern distros by using the ALL directive in the /etc/sudoers file.

What should be there in place of ALL is a list of actual commands that a user (or group) are allowed to execute with root privilege.

Now, if you need ssh access then set-up exclusive private/public key authentication, then a user that doesn't have user or group permissions in sudoers, and make sure there are no 'authorized_keys' files for other users. If that user isn't in the wheel group either they won't be able to use su to a: change to a user with sudo rights, b: su to root.

As long as your "admin" user is in the wheel group and able to su to root with a password, sudo is a bit redundant with ALL permissions and you can cut sudo access down by just removing that directive.

6 hours ago, Applefreak said:

lock you out completely or destroy the install

Lol, a bootable usb, chroot and passwd fixes that.

[stefanmz]

14 hours ago, Applefreak said:

Just change the password. You could remove admin rights but that will either lock you out completely or destroy the install. Either way you are better off by either disabling SSH, changing passwords or have only certain MAC addresses allowed to access the machine. 

yeah thanks I would probably just disable ssh for security because I won't be using it anyway.

[Sauron]

On 9/28/2023 at 7:46 AM, stefanmz said:

ok thanks a lot! So there is no actual way to disable sudo password? Just curious. I will definitely disable ssh though  thanks a lot!

You can only allow specific users: https://wiki.archlinux.org/title/OpenSSH#Configuration_2

 

you can also disable password access and only allow asymmetric key authentication; then you can just not have an authorized key for the root account and external access should be impossible.

 

https://wiki.archlinux.org/title/OpenSSH#Force_public_key_authentication