Re^3: Continuous or timed?

Do I need to change the password of root to prevent malicious access as the device will be, and currently is, connected to the internet or is it inaccessible anyway?

I guess not as I haven't been prompted like I was with pi

Comment on Re^3: Continuous or timed? Select or Download Code

Replies are listed 'Best First'.
Re^4: Continuous or timed? by stevieb (Canon) on Dec 15, 2020 at 00:35 UTC
The root user in Raspbian has no password; therefore it is inherently secure. Clear as mud, eh? ;) It's set up in a special way so that A) the root user has no login access and is only available via sudo, and B) so long as your pi user has a good password (or SSH key access only), then you're golden, as the pi user is by default the only user allowed to sudo. If you set a root password, then you've opened up an attack vector, as the root user will then have login access.	[reply]

Replies are listed 'Best First'.

Re^4: Continuous or timed?
by stevieb (Canon) on Dec 15, 2020 at 00:35 UTC

The root user in Raspbian has no password; therefore it is inherently secure. Clear as mud, eh? ;)

It's set up in a special way so that A) the root user has no login access and is only available via sudo, and B) so long as your pi user has a good password (or SSH key access only), then you're golden, as the pi user is by default the only user allowed to sudo.

If you set a root password, then you've opened up an attack vector, as the root user will then have login access.

[reply]