Before Whonix 18, changing the default password ‘changeme’ was recommended by the documentation. In Whonix 18 Gateway, user ‘user’ is not in the sudo group, so I have to move to sysmaint to perform some actions. Is changing the default password recommended today?
I got “updatecheck failed” in the Whonix user session after changing the sysmaint password.
I’d like to know too. So changing password isn’t necessary anymore?
That’s a great question, and like a lot of things in security the answer is “it depends”. Whonix and Kicksecure are designed such that most users will probably not need to set a password at all (especially if you’re using them in VMs). However, whether setting a password is recommended depends on your threat model.
If you run systemcheck, you’ll see a “login security check” table that tells you whether a password is set for each user, and whether autologin is enabled for each user. The info in this check is color-coded, and the meaning of the colors used is documented here:
That link goes into more detail about the threat models you might be working with and what the recommended action is for those situations.
In short, setting a password won’t hurt anything and may be advisable for some users. Not setting a password is fine for many users but might be less secure for others.
More documentation here:
Note:
For Whonix Gateway, is it necessary to have the user ‘sysmaint’? Because most actions on Gateway need to be done as user ‘sysmaint’ with a password, like user ‘user’ entering the sudo password in Whonix Gateway 17; both risk password sniffing.
upgrade-nonroot needs to be executed with sudo, so the sysmaint password has to be entered if it’s not passwordless, giving an attacker another chance to sniff the password, while upgrade-nonroot in Whonix 17 doesn’t require a password.
So in the gateway or workstation, I go into a terminal and enter the command
systemcheck
Is that what I do?
Yes.
In Whonix 17, we didn’t include user-sysmaint-split by default for Whonix-Gateway, since we also initially believed that it wasn’t necessary. However, we later realized that once we implement Verified Boot (still in planning, not yet implemented), we would need user-sysmaint-split even in Whonix-Gateway, and we also realized that adding user-sysmaint-split to Whonix-Gateway would reduce the impact of some forms of gateway compromise by making it harder to circumvent Tor in that instance. We added user-sysmaint-split to Whonix-Gateway in Whonix 18, and it is recommended to keep it enabled there.
Whonix Forums Discussion on the usefulness of user-sysmaint-split inside Whonix-Gateway
Deprecated: Whonix 17 End of Security Support and Deprecation Notice - All users should move to Whonix 18!
Can I set up sudoers for passwordless upgrade-nonroot to reduce the chance of entering the sysmaint password or having it sniffed?
Yes, sudoers exceptions can be configured as per Self Support First Policy for Whonix.
Which “some users” are you referring to who need to set a password?
Following wiki links already given will answer that.