Why disable ssh login with root on a server if I only log in with keys, not password?
Why disable ssh login with root on a server if I only log in with keys, not password?
On a server I have a public key auth only for root account. Is there any point of logging in with a different account?
You're viewing a single thread.
Yes it's always better to login with a user and sudo so your commands are logged also having disable passwords for ssh but still using passwords for sudo gives you the best protection
Sudo also allows for granular permissions of which commands are allowed and which aren't.
Also double check that sudo is the right command, by doing
which sudo. Something I just learned to be paranoid of in this thread.Unless
whichis also compromised, my god…which sudowill check$PATHdirectories and return the first match, true. however when you typesudoand hit enter your shell will look for aliases and shell functions before searching$PATH.to see how your shell will execute 'sudo', say
type sudo(zsh/bash). to skip aliases/functions/builtins saycommand sudomeh nvm none of these work if your shell is compromised. you're sending bytes to the attacker at that point. they can make you believe anything
Maybe if you escaped the command like
\\type sudo?no, if the attacker can change files in your account, they can read every byte you type in and respond with anything, including pretending to be a normal shell. im not sure how to prevent ssh from running commands in your shell
You assume the shell isn't compromised.