You can configure sudo to never ask for your password.
Open a Terminal window and type:
sudo visudo
At the bottom of the file, add the following line:
$USER ALL=(ALL) NOPASSWD: ALL
Where $USER is your username on your system.
Save and close the sudoers file (if you haven't changed your default terminal editor (you'll know if you have), press Ctrl + x to exit nano and it'll prompt you to save).
As of Ubuntu 19.04, the file should now look something like:
#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL:ALL) ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
# See sudoers(5) for more information on "#include" directives:
#includedir /etc/sudoers.d
YOUR_USERNAME_HERE ALL=(ALL) NOPASSWD: ALL
After this you can type sudo <whatever you want> in a Terminal window without being prompted for the password.
This only applies to using the sudo command in the terminal. You'll still be prompted for your password if you (for example) try to install a package from the software center.
I know that the sudo password protects my computer from being locally hacked by someone having physical access to it.
I do not want to scare you too much, but if someone has physical access you handed access over to them regardless of how strong your password is. It will take 1 reboot by someone for that someone to be able to change your root password (can be done from "grub rescue" without the need to supply your current password). By the way: this method is considered valid and a feature, and an accepted security risk (otherwise you would never be able to fix your system in case the password did get compromised).
but I know that it is not strong enough if someone can brute-force it remotely.
Here comes something else in play: a ROUTER should be smart enough to lock access from the outside if it is a repeated request asking for the same information over a short period of time. Basically what you have here is a DOS attack (or a DDOS if 2+ computers attacking you). A router should kill that connection and enforce a waiting period before accepting new requests from that connection.
Can anybody access my computer in root mode using my sudo password with no physical access to the computer, on a standard Ubuntu desktop installation?
They first need to connect, then provide the sudo password. "root" mode is disabled and you can not directly log in to a "#" prompt.
Note that it is possible to abuse a service. If you have "ssh" running on that machine and they can "ssh" to your system, and get a hand on your username and password for that user (and as it is an admin user your sudo password too) they can access your machine and mess it up. By the way: if they do it like that they must have knowledge of your system first (like your password).
But then there is an issue with that (and any other method): how did they get your password? They can NOT get it from your system itself. And in general guessing is not worth the trouble. If it was socially engineered ... then your problem is there, not with the security model of your system, Ubuntu or Linux in general.
As long as your sudo password is yours you will/should be fine. And you will be even better off if it is a strong password (maybe easy to remember for you but not guessable by others). An example I used before when discussing this: If your dog is named "Abwegwfkwefkwe" using "Abwegwfkwefkwe" as a password is BAD even though it looks good (since someone could ask you: 'what is your dog's name' and they try that as a free guess). If you have no relation to "Abwegwfkwefkwe" it is a good password.
Best advice I can give:
do not enter your admin password when asked for it unless you know it was expected to be asked. If you open a browser and are given a popup that looks like our "asking for admin account password" ... stop ... and think first.
do not leave your system unattended when the "sudo" grace period is active. sudo --reset-timestamp removes the current grace period and will ask for the password again when you next use "sudo". Lock your screen when you go AFK.
do not install services or software for the fun of it. If you do not need ssh do not install ssh, if you do not use a webserver do not install a webserver. And have a look at the currently running services. If you do not use BT on a notebook, disable it. If you do not use a webcam disable it (if active). Delete software you do not use anymore.
and for the really paranoid (and yes Paranoid Panda I am looking at you): change the password every so often. You can even install rootkit hunters to check for inappropriate access.
backup your important data to something that you keep off-line. So even if you do find someone on your system you can format it, and start over with a new install and your data restored.
Best Answer
Open Terminal and type:
Then scroll down to the line that reads:
And change it to:
You can change 0 to any value (time in minutes). Setting it to 0 will ask for your password every time and -1 will make it never ask. The default is 15 according to man sudo 8, but some manuals say the default is 5. Have a look at the RootSudoTimeout wiki for more information.
Press CTRL + X to finish editing, Y to save changes, and ENTER to exit.
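An added example, not part of any answer above: a read-only shell audit that scans sudoers-format files for the two settings this page discusses, a `NOPASSWD:` grant (first answer) and a negative `timestamp_timeout` (last answer). The function names, the users `alice` and `bob`, and the sample policy are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the page): read-only audit of sudoers-format files.
# audit_sudoers FILE...  prints FILE:LINE:CLASS:TEXT, where CLASS is
#   NOPASSWD_ALL     ALL commands allowed without a password
#   NOPASSWD_SCOPED  only listed commands allowed without a password
#   TIMEOUT_NEVER    negative timestamp_timeout (sudo never re-prompts)
# A later PASSWD: tag on the same line is not modelled (over-reports).
audit_sudoers() {
    awk '
    { line = buf $0 }
    /\\$/ { sub(/\\$/, "", line); buf = line; next }  # join continued lines
    { buf = "" }
    line ~ /^[ \t]*(#|$)/ { next }  # comments, #includedir, blank lines
    line ~ /NOPASSWD:(.*[ \t,:])?ALL[ \t]*(,|$)/ {
        print FILENAME ":" FNR ":NOPASSWD_ALL:" line; next
    }
    line ~ /NOPASSWD:/ {
        print FILENAME ":" FNR ":NOPASSWD_SCOPED:" line; next
    }
    line ~ /^[ \t]*Defaults/ &&
    match(line, /timestamp_timeout[ \t]*=[ \t]*-?[0-9.]+/) {
        val = substr(line, RSTART, RLENGTH)
        sub(/^[^=]*=[ \t]*/, "", val)
        if (val + 0 < 0)
            print FILENAME ":" FNR ":TIMEOUT_NEVER:" line
    }
    ' "$@"
}

# Constructed sample policy; alice and bob are hypothetical users.
sample_sudoers() {
    cat <<'EOF'
Defaults env_reset,timestamp_timeout=-1
root ALL=(ALL:ALL) ALL
%sudo ALL=(ALL:ALL) ALL
# alice ALL=(ALL) NOPASSWD: ALL
alice ALL=(ALL) NOPASSWD: ALL
bob ALL=(root) NOPASSWD: /usr/bin/apt update, \
    /usr/bin/apt upgrade
EOF
}

# Demo run on the sample.
tmp=$(mktemp) && sample_sudoers > "$tmp" && audit_sudoers "$tmp"
rm -f "$tmp"
```

On a real host, run `audit_sudoers` as root against `/etc/sudoers` and the files in `/etc/sudoers.d/`, since those files are not world-readable.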