friendica.eskimo.com

Welcome to Friendica.Eskimo.Com

Home of Censorship Free Hosting

 Eskimo North Linux Shells, E-mail, Virtual Machines, Web Hosting.

E-mail, Web Hosting, Linux Shell Accounts terminal or full remote desktops.

Sign Up For A Free Trial Here

Please tell your friends about federated social media site that speaks several fediverse protocols thus serving as a hub uniting them, hubzilla.eskimo.com, also check out friendica.eskimo.com, federated macroblogging social media site, mastodon.eskimo.com a federated microblogging site, and yacy.eskimo.com an uncensored federated search engine. All Free!
Sandal6823
Sandal6823 via Linux lemmy

Why disable ssh login with root on a server if I only log in with keys, not password?

On a server I have a public key auth only for root account. Is there any point of logging in with a different account?
This entry was edited (3 weeks ago)
Link to source
107 5
HiddenLayer555
HiddenLayer555 lemmy
A door with the best lock possible is still not as secure as no door at all
This entry was edited (3 weeks ago)
Link to source
17 1
Nanook
Nanook friendica (DFRN)
@ShortN0te @truthfultemporarily What does sudo have to do with ssh keys?
Link to source
WheelchairArtist
WheelchairArtist lemmy
that's why root owns my .bash* stuff
Link to source
2ndSkin
2ndSkin lemmy
If the .bashrc is immutable, the attacker can't remove it.
That's how it works.
Link to source
SavvyWolf
SavvyWolf lemmy
I don't think that actually works; the attacker could just remove .bashrc and create a new file with the same name.
Link to source
2ndSkin
2ndSkin lemmy

?

It's .bashrc, not bashrc, and .bashrc is in the home directory.
If .bashrc is immutable, it can't be removed from home.

This entry was edited (3 weeks ago)
Link to source
3
SavvyWolf
SavvyWolf lemmy
The home directory would need to be immutable, not bashrc.
Link to source
1
JasonDJ
JasonDJ lemmy

There must at least be MFA somewhere on the path then.

Even just keys, I wouldn't trust, unless they are stored on smartcards or some other physical "something I have", and centrally managed so they can be revoked and rotated. Too many people use unprotected SSH keys.

Link to source
1 1
miss_demeanour
miss_demeanour lemmy
ffs...am I dealing with children here?
You've accessed your server as a user, and then you su - to root.
You don't need a phone or a yubi or a dreamcatcher, or a unicorn.
Please stop with your pretension.
You're so far out of your league that it's embarrassing to me that I've bothered to answer.
Link to source
1 2
4am
4am lemmy

Then you can’t gain root privileges on your server. Are you really arguing for less security because it’s inconvenient?

This is end-user behavior and it’s honestly embarrassing. You should realize your security posture is much more important than “I left my phone on the other room”

Link to source