Change How Long It Remembers Sudo Password in Ubuntu 20.04 /Debian 11

You know in Linux we usually use sudo in command to do a job with super user or another user privilege. It requires password authentication. And, terminal or console will remember the password for a period of time. So, user does not need to type it again within the time period.

The documentation says it remembers password for 5 minutes. But, it varies in recent Linux distributions. In my Ubuntu 20.04/21.10 and Debian 11, it won’t ask for password again even after 20 minutes. Though, it will ask immediately if you run sudo command in another terminal window.

Configure How long it remembers sudo password:

For either security reason or convenience, user may change the time interval via following steps. Which is controlled via /etc/sudoers file.

NOTE: The steps below is only for sudo password in terminal or command console. Authentication when using Ubuntu Software (Gnome Software) and other graphical tools are NOT affected.

1. Open the config file:

There’s a specific command to edit the file. Firstly, either press Ctrl+Alt+T on keyboard (for Ubuntu only) or search for and open terminal from start menu. Then, run command:

sudo visudo

In Ubuntu/Debian, this command will open the config file via nano text editor in terminal.

2. Add timestamp_timeout & timestamp_type values:

To do the trick, find out the line Defaults env_reset and add 2 key values separated via comma:

  • timestamp_timeout
  • timestamp_type

The timestamp_timeout controls how long it remembers the password in MINUTES. For example, set 30 to remember for 30 minutes, 0 to always ask for password, or -1 to never ask password until reboot.

And timestamp_type specifies the type. The value can be:

  • global – remember password for all terminal / command console for a user’s login sessions. Which means, you type password and it won’t ask again in all terminals for this user during the time interval.
  • tty – Won’t ask for commands run in same terminal during the time interval.
  • kernel – Store time stamp in kernel and support time period from 0 to 60. Only for OpenBSD.
  • ppid – Won’t ask password for commands running from the same shell during the time interval.

So the line could be finally Defaults env_reset,timestamp_timeout=2,timestamp_type=tty. You may though change the values accordingly.

Don’t ask password for 2 minutes in same terminal

3. Save changes:

After editing the file, press Ctrl+X on keyboard, type y and hit Enter to save it.

For Fedora, it uses the vim text editor to edit the file. So, user need to press ‘i‘ on keyboard to start inserting characters, then use ‘Esc‘ to stop editing. And, save changes by typing ‘:wq‘ one by one (or type ‘:q!‘ to quit without saving).

Disable Sudo Password:

It’s NOT RECOMMENDED to disable password authentication when running sudo password. Use sudo -i to switch to root user is good choice!

If you really want to do this, edit the config file via sudo visudo and add the new line in the end:

USERNAME ALL=(ALL) NOPASSWD: ALL

Here, replace USERNAME that you want to disable sudo authentication. Run $USER in terminal will output the current user name.

Never ask sudo password for user ‘merilyn’

That’s all. Enjoy!

Merilyn Ne
Hi, I'm Merilyn Ne, a computer geek working on Ubuntu Linux for many years and would like to write useful tips for beginners. Forgive me for language mistakes. I'm not a native speaker of English.