Need to change root password - any risk?

Hi guys,

I’m taking over the management of a FreePBX Distro install, and as a security measure I’d like to change the root password.

Takeover was not hostile, but I don’t want others to know the root password of a system I manage - they could mess up with it and get the customer to blame me to get the business back.

Are there any possible consequences for the running apps, cron scripts, bootup / shutdown, etc?

Did anybody successfully change the root password without further consequences or requiring reconfig / restarts / reboot?

Cheers

We change the root passwords of our servers on a regular basis. Only thing it could affect is process on another system that’s trying to log into your PBX as root ( not a good idea ).

Changed mine several times, no problems…

It’s NOT a good idea indeed.

OK, thanks for the feedback.
Are your servers FreePBX Distro-based?

We’re at +2 so far.

Thanks

Officially speaking this will have no affect, it’s actually a good idea to change password monthly. Or better yet use Key-based authentication

+3 then, great.

It’s not only about SSH access, that specific PBX is not in a fully secured area and it’s too easy for a malicious ex-supplier to sneak in and do harm. The current root login is known by too many people now.

I’ll experiment on an expendable test system we have in the lab.
If you don’t hear from me again it means all went well.

Cheers!

We’ve changed our service account passwords regularly (and root too). If you’re you’re worried about locking yourself out of a production machine, just boot into a lower runlevel and reset the password and then you’re back. (You will never be locked out if you have physical access).

This is in addition to the FreePBX specific comments above :slight_smile: