Also double check that sudo is the right command, by doing which sudo. Something I just learned to be paranoid of in this thread.

Unless which is also compromised, my god…

which sudo will check $PATH directories and return the first match, true. however when you type sudo and hit enter your shell will look for aliases and shell functions before searching $PATH.

to see how your shell will execute 'sudo', say type sudo (zsh/bash). to skip aliases/functions/builtins say command sudo

meh nvm none of these work if your shell is compromised. you're sending bytes to the attacker at that point. they can make you believe anything

That is absolutely not the reason ANYONE recommends it, unless you are a complete noob and entirely unfamiliar with computer security at all, and are just pulling assumptions out of your ass. Don’t fucking do that, don’t post with confidence when you’re just making shit up because you think you know better. Because you don’t.

If there is a vulnerability in SSH (and it’s happened before), attackers could use that to get into root directly, quickly, and easily. It’s an instant own.

If root login is disabled, it’s way less likely that whatever bug it is ALSO allows them to bypass root login being disabled. Now they have to yeah, find a user account, compromise that, try to key log or session hijack or whatever they set up, be successful, and elevate to root. That’s WAY more work, way more time to detect, to install patches.

If the effort is higher, then this kind of attack isn’t going to be used to own small fry servers; it’s only be worth it for bigger targets, even if they’re more well protected.

If you leave root enabled, you’re already burnt. You’re already a bot in the DDoS network.

And why? You couldn’t be bothered to type one extra command in your terminal? One extra word at the start of each command?

Sorry bitch, eat your fucking vegetables