Not an answer, but something which might be useful…
Root is normally a locked account on Ubuntu. It is considered “insecure” to allow root direct login, although it is debatable how much that actually matters for local accounts. I have to agree that allowing remote login of root
is probably insecure (if you allow remote login of root
, then never ever allow it with plain password, you’d only ever even consider it by means of a strong ssh
key with all password login denied).
This is not a Jetson topic, but really a Linux (and especially Ubuntu) topic. There are commands your admin user can use (via sudo
, which is root without direct login) to first unlock root, and to set a password for root:
# Set a password for root:
sudo passwd root
# Unlock root:
sudo passwd -u root
At that point root
is unlocked and has a password. That still does not allow remote login. Incidentally, if you wanted to reverse the above changes and lock root
back out:
# "-d" deletes password, "-l" locks:
sudo passwd -d -l root
The topic of ssh
keys is not difficult, but it is a separate topic. Unless you already know how to set keys for ssh
key-based authentication, then don’t do what follows (and don’t do it even then if you don’t plan on key-based ssh
remote root login). This would permit root to login on ssh
and refers to edits in file “/etc/ssh/sshd_config
”:
# Edit "PermitRootLogin" for either "yes" or commented out ("no") or "prohibit-password".
# Initially you might allow password in order to use convenient methods of setting up keys, but then you'd switch to "prohibit-password" to force only keys. End result edit in that file:
PermitRootLogin prohibit-password
The files updated for this will not be a simple list. You definitely want a non-root user first since there are commands which will refuse to run for root, and lots of software to install as non-root permissions. Root cannot even use sudo to fake being non-root unless such an account exists. However, assuming you have your non-root user as well, then typically the file list includes this to copy into your “rootfs/etc/
” locations:
/etc/passwd
/etc/passwd-
/etc/gshadow
/etc/gshadow-
/etc/shadow
/etc/shadow-
/etc/ssh/sshd_config
I’m only listing things I remember, and have not tested this. Beware that if you really want to do this, then if done wrong, it could result in a non-bootable system or a system with odd failures. I recommend setting this up on a running system which has a non-root user to start with, testing, and then cloning (which also serves as a backup). Then you could try flashing again after copy of those files to the host’s “rootfs/etc/
”. I won’t guarantee this will work without adjustments, but it should get you close.