I didn't know you were supposed to disable root user...
I didn't know you were supposed to disable root user...
Background: 15 years of experience in software and apparently spoiled because it was already set up correctly.
Been practicing doing my own servers, published a test site and 24 hours later, root was compromised.
Rolled back to the backup before I made it public and now I have a security checklist.
You're viewing a single thread.
I do worry about putting up public servers that other people might rely on because there's something I might not realize making it vulnerable.
So far I have pubkey root login only on the VPSs I'm messing around with, but my ol' reliable private key from 6 years ago might be beginning to fall behind on encryption standards.
Don't SSH in as root. Create/use your low-privileged user and add it to the sudo group (with a secure password!), then disable root login for SSH.
You may not want root login.
ssh-keygen -t ed25519For that new key hotness
Key based authentication is so hot right now