friendica.eskimo.com

Why disable ssh login with root on a server if I only log in with keys, not password?

On a server I have public-key auth only for the root account. Is there any point in logging in with a different account?
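As an added example that is not part of the original thread: a small POSIX shell audit of an sshd_config for exactly the settings this question is about, written in the spirit of the replies below (root login off, keys only, log in as a user and escalate). It relies on OpenSSH's documented parsing rules (keywords are case-insensitive and the first occurrence of a keyword wins, so a later duplicate is silently ignored) and deliberately stops at the first Match block, whose directives are conditional. The two sample configs are constructed for the demo, and the function names effective_value and audit_sshd_config are my own, not anything from OpenSSH.

```shell
#!/bin/sh
# Added example (not from the thread): audit an sshd_config for the root-login
# and password-auth settings discussed above. Assumes OpenSSH semantics:
# keywords are case-insensitive, the FIRST occurrence of a keyword wins, and
# everything from a "Match" line onward is conditional (ignored here).

# effective_value FILE KEYWORD
# Prints the (lower-cased) value of the first uncommented KEYWORD that appears
# before any Match block, or nothing if the file never sets it (sshd then
# falls back to its built-in default).
effective_value() {
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        { sub(/#.*/, "") }                    # strip comments, re-split fields
        tolower($1) == "match" { exit }       # conditional block: stop here
        tolower($1) == key { print tolower($2); exit }
    ' "$1"
}

# audit_sshd_config FILE
# Returns 0 only if root cannot log in over SSH at all and password
# authentication is off; anything weaker is reported as a finding.
audit_sshd_config() {
    cfg="$1"
    prl=$(effective_value "$cfg" PermitRootLogin)
    pwa=$(effective_value "$cfg" PasswordAuthentication)
    # Built-in defaults in current OpenSSH: PermitRootLogin prohibit-password,
    # PasswordAuthentication yes.
    [ -n "$prl" ] || prl="prohibit-password"
    [ -n "$pwa" ] || pwa="yes"
    rc=0
    case "$prl" in
        no) echo "ok:   PermitRootLogin $prl" ;;
        *)  echo "FAIL: PermitRootLogin $prl (root reachable over SSH; log in as a user and escalate)"; rc=1 ;;
    esac
    case "$pwa" in
        no) echo "ok:   PasswordAuthentication $pwa" ;;
        *)  echo "FAIL: PasswordAuthentication $pwa (keys only)"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample configs (no real server). The weak one matches the
# questioner's setup (key-only root) and also shows the first-match rule:
# the later "PermitRootLogin no" is ignored by sshd.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
WEAK_CFG="$WORK/sshd_config.weak"
HARD_CFG="$WORK/sshd_config.hardened"
cat > "$WEAK_CFG" <<'EOF'
# root may still log in, just not with a password
PermitRootLogin prohibit-password
PasswordAuthentication yes
# ignored: the first PermitRootLogin above wins
PermitRootLogin no
EOF
cat > "$HARD_CFG" <<'EOF'
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
# then: ssh admin@host, followed by sudo -i (or su -)
AllowUsers admin
# conditional; not considered by this audit
Match Address 10.0.0.0/8
    PermitRootLogin yes
EOF

for f in "$WEAK_CFG" "$HARD_CFG"; do
    echo "== $f"
    if audit_sshd_config "$f"; then echo "PASS"; else echo "NEEDS WORK"; fi
done
```

To run it against a real host, call audit_sshd_config /etc/ssh/sshd_config; remember that files under /etc/ssh/sshd_config.d/ pulled in by an Include line are not followed by this toy, so check those (or compare against `sshd -T`, which prints the effective settings) before trusting a PASS.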
A door with the best lock possible is still not as secure as no door at all
@ShortN0te @truthfultemporarily What does sudo have to do with ssh keys?
That's why root owns my .bash* stuff.
If the .bashrc is immutable, the attacker can't remove it.
That's how it works.
I don't think that actually works; the attacker could just remove .bashrc and create a new file with the same name.

?

It's .bashrc, not bashrc, and .bashrc is in the home directory.
If .bashrc is immutable, it can't be removed from home.

The home directory would need to be immutable, not bashrc.

There must at least be MFA somewhere on the path then.

Even just keys, I wouldn't trust, unless they are stored on smartcards or some other physical "something I have", and centrally managed so they can be revoked and rotated. Too many people use unprotected SSH keys.

ffs... am I dealing with children here?
You've accessed your server as a user, and then you su - to root.
You don't need a phone or a yubi or a dreamcatcher, or a unicorn.
Please stop with your pretension.
You're so far out of your league that it's embarrassing to me that I've bothered to answer.

Then you can’t gain root privileges on your server. Are you really arguing for less security because it’s inconvenient?

This is end-user behavior and it's honestly embarrassing. You should realize your security posture is much more important than "I left my phone in the other room".