  • Could you elaborate on how 2 and 3 are related to passwords, I don't see the connection... And of course ssh defaults to refusing connection attempts with blank passwords. I wonder if you can think of another example which does not. Commented Jun 11, 2021 at 11:19
  • 2 & 3 just matter in terms of how difficult it is to gain access as a user - these points of course also apply to getting access as a user via other means. Yes, ssh does this, but the question is how far the "no-password" goes or not for the scenario. Commented Jun 11, 2021 at 12:03
  • I actually hadn't considered the ssh aspect when I posted this but I think I would lean more towards Philip's interpretation for the following reasons: a) as he stated it is the default behavior of ssh to refuse blank passwords, and b) I have already stated that the system is not devoid of protection (separate, de-coupled, & well-protected root account, FDE) so intentionally configuring ssh/sshd to allow this seems out of keeping. But I do see your point that this is very dependent on how far I want to take the no password scenario and that I failed to specify - will update shortly. Commented Jun 11, 2021 at 14:59
  • Re-reading, 1 other thing that I am curious about: Maybe misunderstanding?... So 2 & 3 are somewhat vague on what kind of exploits but thinking that in many cases the exploits would not be made easier by the presence of a password. To give a somewhat more concrete example, let's say there was an exploit via the web-browser. Normally web-browser never prompts user for password to save a file, so absence of a password shouldn't matter if browser itself is compromised. I would think more than password, proper sandboxing like firejail or things like SELinux / AppArmor would matter more. Commented Jun 11, 2021 at 15:44
  • "Matter more" - well, I think now we are going towards the problem of "opinion-based". Let me make my point by an analogy: Of course driving a tank will be safest in terms of road accidents, but the low speed, lack of parking spots and trunk space will make me take a car instead. Surely, it'll have an airbag for security. So the only hassle left for me is putting on the seatbelt (i.e. typing the password). Up to each individual to decide if that is too much or very little for the advantage it offers. ... I feel like we are getting too philosophical and maybe a good answer is not possible. Commented Jun 11, 2021 at 16:27