this post was submitted on 12 Apr 2025
102 points (97.2% liked)

Linux

53468 readers
699 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
102
Why disable ssh login with root on a server if I only log in with keys, not password? (sh.itjust.works)
submitted 1 week ago* (last edited 1 week ago) by [email protected] to c/[email protected]
81 comments fedilink hide all child comments
 

On a server I have a public key auth only for root account. Is there any point of logging in with a different account?

(page 2) 33 comments
sorted by: hot top controversial new old
[–] [email protected] 14 points 1 week ago

One always minimises attack surfaces and the possibility of fat fingered mistakes. The lower privileges that you grant yourself the better.

You'd think that Dave Cutler who, I believe, designed Windows NT coming from a Unix style background would have followed these principles but no. I discovered *nix late sadly.

[–] [email protected] 2 points 1 week ago

The multi-tennant approach to the linux operating system isn't just for security. It's the way the OS was designed to operate. You're not meant to use root as an ordinary user.

Disabling root removes the safety net, but it also plugs the security hole that leaving root enabled leaves.

[–] [email protected] 5 points 1 week ago (2 children)

You can disasble passwords so ONLY keys work, and you can firewall ssh to ONLY IPs you originate from.

[–] [email protected] 2 points 1 week ago

Just don't forget to check if your IP has changed if ssh suddenly starts timing out with no error indication no matter what you do and oh god what is actually wrong

I think there's a way to setup an alert for this.

load more comments (1 replies)
[–] [email protected] 50 points 1 week ago (2 children)

Its a concept called defense in depth. Without root login now you require the key AND sudo password.

Also, outside of self hosted you will have multiple people logging in. You want them to log in with their own users for logging and permission management.

[–] [email protected] 6 points 1 week ago (2 children)

Doesn't even have to be the key necessarily. Could get in via some exploit first. Either way taking over the machine became a 2-step process.

load more comments (2 replies)
[–] [email protected] 6 points 1 week ago

Audit trails

[–] [email protected] 73 points 1 week ago
  1. Swiss cheese slices: make them holes too tight.
  2. When you run everything as root, if you fuck your shit, your shit's fucked.

"Best practices" tend to come from other people's whoopsies. But it's always good to question things, too.

[–] [email protected] 9 points 1 week ago

If ssh has a security issue and you permit root logins then hostiles likely have an easier time getting access to root on the machine than if they only get access to your user account—then they need multiple exploits.

Generally you also want to be root as little as possible. Hence sudo, run0, etc.

[–] [email protected] 15 points 1 week ago* (last edited 1 week ago)

It's another slice of Swiss cheese. If the user has a strong enough password or other authentication method through PAM, it might stop or hinder an attacker who might only have a compromised private key, for example. If multiple users have access to the same server and one of them is compromised, the account can be disabled without completely crippling the system.

Using sudo can also help you avoid mistakes (like accidentally rebooting a production server) by restricting which commands are available to the user.

[–] [email protected] 9 points 1 week ago

I never login with the root account. Not even on the console. You don't want everything you do running as root unless it is required. Otherwise it is much easier for a little mistake to become a big mess.

[–] [email protected] 20 points 1 week ago (2 children)

Yes it's always better to login with a user and sudo so your commands are logged also having disable passwords for ssh but still using passwords for sudo gives you the best protection

[–] [email protected] 6 points 1 week ago* (last edited 1 week ago) (4 children)

Also double check that sudo is the right command, by doing which sudo. Something I just learned to be paranoid of in this thread.

Unless which is also compromised, my god…

load more comments (4 replies)
[–] [email protected] 7 points 1 week ago

Sudo also allows for granular permissions of which commands are allowed and which aren't.

load more comments
view more: ‹ prev next ›