I have a default Ubuntu installation used as a single-user system. It is not physically accessible to untrusted individuals. The machine is connected to the Internet, but no remote login services such as sshd are installed (default configuration).
It becomes tempting to use a simple login password, or indeed to disable it completely. I understand that this is bad practice, but what specific security vulnerabilities or attack vectors are introduced by completely disabling the local login password? In particular, are there realistic remote or local privilege-escalation risks that depend on the presence of a user password?
For reference, below is a bash script that performs this configuration (it first allows the user to run sudo without a password):
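#!/usr/bin/env bash
# Give the invoking user passwordless sudo, then delete that user's login
# password. Must be run as root (normally via sudo, so SUDO_USER is set).
#
# Security effect of the two changes, stated for whoever maintains this box:
#   * NOPASSWD:ALL removes the re-authentication step between this account
#     and root. Any process running as the user (browser, downloaded script,
#     build tool) can run commands as root without a prompt.
#   * passwd -d leaves the account with an empty password. Whether an empty
#     password is accepted on a given login path depends on that service's
#     PAM configuration (e.g. the pam_unix "nullok" option) -- review
#     /etc/pam.d before installing any login service later.
set -euo pipefail

# Use a private name instead of overwriting the exported USER variable,
# which child processes would otherwise inherit in modified form.
target_user="${SUDO_USER:-$(whoami)}"
dropin="/etc/sudoers.d/$target_user"

if [[ $EUID -ne 0 ]]; then
    echo "must be run as root (e.g. with sudo)" >&2
    exit 1
fi

# Run directly as root (no SUDO_USER) the target would be root itself;
# deleting root's password is not the configuration described here.
if [[ "$target_user" == "root" ]]; then
    echo "refusing to operate on root; run via sudo from the user account" >&2
    exit 1
fi

# sudo skips files in /etc/sudoers.d whose names contain '.' or end in '~',
# so such a drop-in would be silently ignored.
case "$target_user" in
    *.*|*"~")
        echo "user name '$target_user' is not usable as a sudoers.d file name" >&2
        exit 1
        ;;
esac

# Build the rule in a private temp file and syntax-check it BEFORE it goes
# live: a malformed file in /etc/sudoers.d can make sudo unusable.
candidate="$(mktemp)"
trap 'rm -f "$candidate"' EXIT
printf '%s ALL=(ALL) NOPASSWD:ALL\n' "$target_user" > "$candidate"
visudo -cf "$candidate"

# install sets owner and mode in one step, so the drop-in never exists
# with looser default permissions.
install -o root -g root -m 0440 "$candidate" "$dropin"

# Re-check the complete configuration; roll back the drop-in on failure.
if ! visudo -cf /etc/sudoers; then
    rm -f "$dropin"
    echo "sudoers validation failed; removed $dropin" >&2
    exit 1
fi

# Only reached when the sudoers change validated (set -e stops earlier).
passwd -d "$target_user"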
The network part of the ss -nap output below, per request from @tink
icmp6 UNCONN 0 0 *:58 *:*
udp UNCONN 0 0 0.0.0.0:35022 0.0.0.0:*
udp UNCONN 0 0 0.0.0.0:5353 0.0.0.0:*
udp UNCONN 0 0 127.0.0.54:53 0.0.0.0:*
udp UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:*
udp ESTAB 0 0 192.168.1.205%wlo1:68 192.168.1.1:67
udp UNCONN 0 0 127.0.0.1:323 0.0.0.0:*
udp UNCONN 0 0 [::]:5353 [::]:*
udp UNCONN 0 0 [::]:40047 [::]:*
udp UNCONN 0 0 [::1]:323 [::]:*
tcp LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
tcp LISTEN 0 4096 127.0.0.1:631 0.0.0.0:*
tcp LISTEN 0 4096 127.0.0.54:53 0.0.0.0:*
tcp ESTAB 0 0 192.168.1.205:33428 104.18.86.42:443 users:(("firefox",pid=3814,fd=135))
tcp ESTAB 0 0 192.168.1.205:33438 104.18.86.42:443 users:(("firefox",pid=3814,fd=137))
tcp ESTAB 0 0 192.168.1.205:58588 3.226.71.65:443 users:(("firefox",pid=3814,fd=185))
tcp ESTAB 0 0 192.168.1.205:59182 34.120.208.123:443 users:(("firefox",pid=3814,fd=170))
tcp ESTAB 0 0 192.168.1.205:32968 34.107.221.82:80 users:(("firefox",pid=3814,fd=94))
tcp ESTAB 0 0 192.168.1.205:32982 34.107.221.82:80 users:(("firefox",pid=3814,fd=179))
tcp ESTAB 0 0 192.168.1.205:52288 34.160.144.191:443 users:(("firefox",pid=3814,fd=74))
tcp ESTAB 0 0 192.168.1.205:44310 3.233.158.112:443 users:(("firefox",pid=3814,fd=200))
tcp ESTAB 0 0 192.168.1.205:39790 54.192.209.131:443 users:(("firefox",pid=3814,fd=175))
tcp ESTAB 0 0 192.168.1.205:56146 198.252.206.18:443 users:(("firefox",pid=3814,fd=153))
tcp ESTAB 0 0 192.168.1.205:56168 198.252.206.18:443 users:(("firefox",pid=3814,fd=163))
tcp ESTAB 0 0 192.168.1.205:52030 151.101.237.140:443 users:(("firefox",pid=3814,fd=212))
tcp ESTAB 0 0 192.168.1.205:52032 151.101.237.140:443 users:(("firefox",pid=3814,fd=224))
tcp ESTAB 0 0 192.168.1.205:55118 151.101.2.146:443 users:(("firefox",pid=3814,fd=220))
tcp ESTAB 0 0 192.168.1.205:54816 3.167.0.92:443 users:(("firefox",pid=3814,fd=210))
tcp ESTAB 0 0 192.168.1.205:54824 3.167.0.92:443 users:(("firefox",pid=3814,fd=219))
tcp ESTAB 0 0 192.168.1.205:54678 54.163.251.122:443 users:(("firefox",pid=3814,fd=187))
tcp ESTAB 0 0 192.168.1.205:43698 34.107.243.93:443 users:(("firefox",pid=3814,fd=147))
tcp ESTAB 0 0 192.168.1.205:43710 34.107.243.93:443 users:(("firefox",pid=3814,fd=166))
tcp ESTAB 0 0 192.168.1.205:55618 104.19.194.29:443 users:(("firefox",pid=3814,fd=176))
tcp ESTAB 0 0 192.168.1.205:55632 104.19.194.29:443 users:(("firefox",pid=3814,fd=183))
tcp ESTAB 0 0 192.168.1.205:43044 52.84.50.38:443 users:(("firefox",pid=3814,fd=140))
tcp ESTAB 0 0 192.168.1.205:32954 151.101.237.91:443 users:(("firefox",pid=3814,fd=221))
tcp ESTAB 0 0 192.168.1.205:43612 104.16.80.73:443 users:(("firefox",pid=3814,fd=214))
tcp ESTAB 0 0 192.168.1.205:60168 198.252.206.1:443 users:(("firefox",pid=3814,fd=61))
tcp ESTAB 0 0 192.168.1.205:36374 151.101.236.157:443 users:(("firefox",pid=3814,fd=209))
tcp ESTAB 0 0 192.168.1.205:55684 151.101.237.91:443 users:(("firefox",pid=3814,fd=101))
tcp ESTAB 0 0 192.168.1.205:55698 151.101.237.91:443 users:(("firefox",pid=3814,fd=97))
tcp ESTAB 0 0 192.168.1.205:55712 151.101.237.91:443 users:(("firefox",pid=3814,fd=172))
tcp ESTAB 0 0 192.168.1.205:55736 151.101.237.91:443 users:(("firefox",pid=3814,fd=196))
tcp ESTAB 0 0 192.168.1.205:37018 104.18.27.48:443 users:(("firefox",pid=3814,fd=134))
tcp ESTAB 0 0 192.168.1.205:37028 104.18.27.48:443 users:(("firefox",pid=3814,fd=100))
tcp ESTAB 0 0 192.168.1.205:37068 104.18.27.48:443 users:(("firefox",pid=3814,fd=188))
tcp ESTAB 0 0 192.168.1.205:55958 104.18.26.48:443 users:(("firefox",pid=3814,fd=150))
tcp ESTAB 0 0 192.168.1.205:55970 104.18.26.48:443 users:(("firefox",pid=3814,fd=202))
tcp ESTAB 0 0 192.168.1.205:36886 162.159.140.229:443 users:(("firefox",pid=3814,fd=222))
tcp LISTEN 0 4096 [::1]:631 [::]:*