Since you mention setup instead of any manual install screwery, I’d say root(uid 0) is still very real, you just didn’t setup any login for it. Every time you sudo (substitute-user-do), you(probably uid 1000) are running that command as root instead of you. In fact, just sudo -i and you are now “logged in” as root.

Edit: Missed the context. Should still be useful info but you probably are not accidentally remoting into an account you never setup the login for.

Raspbian is sometimes a compromise between security and usability, because it is designed to go into the hands of new users. It also used to ship with a default “pi/rasberry” login hardcoded and IIRC permitted root password login over ssh. Things experience users change or turn off, but needs to start friendly for the rest, you know?

By doing this, they can take a step in the right direction by separating the root and login user, without becoming annoying asking for a password frequently as a newbie copies and pastes tutorial commands all week.

And as I said it’s unlikely, even very unlikely, but just not impossible. Everything comes with a risk, I just believe it’s up to you, not me, what risks mean in your environment. Might be you’d like to have the convenience on the home dev server, but rather have as much security as possible on a public facing one.

Or maybe you’d like to get really dialed in and only allow specific commands to be run without a password, so you can be quick and convenient about rebooting but lock down the rest. Up to you, really, that’s the power of Linux.

In Debian, you will want to modify your /etc/sudoers file to have the NOPASSWD directive.

So where you find something like this in that file:

%sudo ALL=(ALL:ALL) ALL

Make it like this:

%sudo ALL=(ALL:ALL) NOPASSWD:ALL

In this example, powers are given to the sudo %group, yours might just say pi or something else the user fits into.

Also, please note that while this is convenient, it does mean anyone with access to your shell has a quick escalation to root privileges. Some program you run has a shell escape vulnerability and gets a shell without a password, this means they also get root without one too. Unlikely to happen, sure, but I believe one should make informed decisions.

Now would be a good time to look for a .com you like, or one of the more common TLDs. And register it at Namecheap, Porkbun, or Cloudflare. (Cloudflare is cheapest but all-eggs-in-one-basket is a concern for some.)

Sadly, all the cheap or fun TLDs have a habit of being blocked wholesale, either because the cheap ones are overused by bad actors or because corporate IT just blacklists “abnormal” TLDs (or only whitelists the old ones?) because it’s “easy security”.

Notably, XYZ also does that 1.111B initiative, selling numbered domains for 99¢, further feeding the affordability for bad actors and justifying a flat out sinkhole of the entire TLD.

I got a three character XYZ to use as a personal link shortener. Half the people I used it with said it was blocked at school or work. My longer COM poses no issue.

Plug it into a monitor or TV and keep an eye on the console.

I have an older NUC that will not cooperate with certain brands of NVMe drive under PVE…the issue sounds like yours where it would work for an arbitrary amount of time before crashing the file system, attempting to remount read-only and rendering the system inert and unable to handle changes like plugging a monitor in later, yet it would still be “on”.

I recommend Dockge over Portainer if you want a web admin panel. https://github.com/louislam/dockge

It’s basically docker compose in a website, and you can just decide one day to turn it off and use the compose files directly. No proprietary databases or other weirdness.

I use Minio https://github.com/minio/minio, though there are others. As someone who never worked with s3 before but wanted to try it and use it with some apps that supported s3 as a storage target, it’s been working fine for me though I’m certainly not using it to its potential. Has web access and all.

Others might be:

https://github.com/seaweedfs/seaweedfs

https://garagehq.deuxfleurs.fr/