I am still learning how to use my N800 with OS2008. I have my N800 set to allow ssh login. Of course for security reasons I changed the root password. When I tried to change the user password I got the following:
'The password for user cannot be changed.'
Is there a password for the user account? If I can't change the user password, how do I know that someone cannot log in to the user account when I am on the Internet?
from xterm, you'll notice that the password is set to just '!', compared to a long hash for root's password. So nobody will be able to log in as user through SSH.
You can change the user password by first gaining root access (I just leave my device in R&D mode so I can just sudo gainroot anytime; but once you've changed your root password, you can always just SSH in -- even locally -- as root), and then issuing
(caveat emptor: I'm not sure what setting the password for the default user would do to the normal boot-up sequence. Given that it's not really a security risk I'd suggest leaving it alone)
I do not plan to add a password to the user account. Why prevent root login with a password?
There is no password on the user account, meaning it has no valid password. You would actually be decreasing security by adding a password for user.
As has been suggested, change the root password and optionally disable the root login entirely so that root is no longer available for remote login - in theory someone could enter the password using a brute force attack, although it's very unlikely.
Only use ssh public/private keys (ie. non-password authentication) to login to user and then sudo to root when required.
