Why disable ssh login with root on a server if I only log in with keys, not password?

Its a concept called defense in depth. Without root login now you require the key AND sudo password.

Also, outside of self hosted you will have multiple people logging in. You want them to log in with their own users for logging and permission management.

Doesn't even have to be the key necessarily. Could get in via some exploit first. Either way taking over the machine became a 2-step process.
The sudo password can be easily extracted by modifying the bashrc.
- And who is going to edit your .bashrc?
- This was downvoted, but is a good question.
  If your account is compromised, the shell init code could be modified to install a keylogger to discover the root password. That’s correct.
  Still, that capture doesn’t happen instantly. On a personal server, it could be months until the owner logs in next. On a corporate machines, there may be daily scans for signs of intrusion, malware, etc. Either way, the attacker has been slowed down and there is a chance they won’t succeed in a timeframe that’s useful to them.
  It’s perhaps like a locking a bike: with right tool and enough time, a thief can steal the bike. Sometimes slowing them down sufficiently is enough to win.

That server's root access is now vulnerable to a compromise of the systems that have the private key.

Only the server should have the private key. Why would other systems have the private key?
- The client has the private key, the server has the corresponding public key in its authorized keys file.
  The server is vulnerable to the private key getting stolen from the client.

Yes it's always better to login with a user and sudo so your commands are logged also having disable passwords for ssh but still using passwords for sudo gives you the best protection

Sudo also allows for granular permissions of which commands are allowed and which aren't.
Also double check that sudo is the right command, by doing which sudo. Something I just learned to be paranoid of in this thread.
Unless which is also compromised, my god…
- which sudo will check $PATH directories and return the first match, true. however when you type sudo and hit enter your shell will look for aliases and shell functions before searching $PATH.
  to see how your shell will execute 'sudo', say type sudo (zsh/bash). to skip aliases/functions/builtins say command sudo
  meh nvm none of these work if your shell is compromised. you're sending bytes to the attacker at that point. they can make you believe anything

A door with the best lock possible is still not as secure as no door at all

One always minimises attack surfaces and the possibility of fat fingered mistakes. The lower privileges that you grant yourself the better.

You'd think that Dave Cutler who, I believe, designed Windows NT coming from a Unix style background would have followed these principles but no. I discovered *nix late sadly.

It's another slice of Swiss cheese. If the user has a strong enough password or other authentication method through PAM, it might stop or hinder an attacker who might only have a compromised private key, for example. If multiple users have access to the same server and one of them is compromised, the account can be disabled without completely crippling the system.

Using sudo can also help you avoid mistakes (like accidentally rebooting a production server) by restricting which commands are available to the user.

It's a bad practice to log in as root even for administrative tasks. You need to run numerous commands, some of hem can be potentially dangerous while not requiring root privileges. So normally you have an admin user in the sudo/wheel group and need to login to this account. Also, this adds some protection in case your key has leaked.

I never login with the root account. Not even on the console. You don't want everything you do running as root unless it is required. Otherwise it is much easier for a little mistake to become a big mess.

If ssh has a security issue and you permit root logins then hostiles likely have an easier time getting access to root on the machine than if they only get access to your user account—then they need multiple exploits.

Generally you also want to be root as little as possible. Hence sudo, run0, etc.

Audit trails

Nope, not really. The only reason ppl recommend it is, because "you have then to guess the username too". Which is just not relevant if you use strong authentication method like keys or only strong passwords.

Don't quit your day job.
- Most comments here suggest 3 things
  least privilege: Which is ok, but on a Server any modification you do requires root anyway, there is usually very little benefit
  Additional protection through required sudo password: This is for example easily circumvented by modifying the bashrc or similar with an sudo alias to get the password
  Multiuser & audittrails: yes this is a valid point, on a system that is modified or administered by multiple ppl there are various reasons lime access logging and UAC for that
  An actual person from the pen testing world: https://youtu.be/fKuqYQdqRIs
That is absolutely not the reason ANYONE recommends it, unless you are a complete noob and entirely unfamiliar with computer security at all, and are just pulling assumptions out of your ass. Don’t fucking do that, don’t post with confidence when you’re just making shit up because you think you know better. Because you don’t.
If there is a vulnerability in SSH (and it’s happened before), attackers could use that to get into root directly, quickly, and easily. It’s an instant own.
If root login is disabled, it’s way less likely that whatever bug it is ALSO allows them to bypass root login being disabled. Now they have to yeah, find a user account, compromise that, try to key log or session hijack or whatever they set up, be successful, and elevate to root. That’s WAY more work, way more time to detect, to install patches.
If the effort is higher, then this kind of attack isn’t going to be used to own small fry servers; it’s only be worth it for bigger targets, even if they’re more well protected.
If you leave root enabled, you’re already burnt. You’re already a bot in the DDoS network.
And why? You couldn’t be bothered to type one extra command in your terminal? One extra word at the start of each command?
Sorry bitch, eat your fucking vegetables

Is there any point of logging in with a different account?

When you edit & save a file as root, root takes ownership of that file. I personally don’t like having to run chmod or chown every time I make minor changes to something.

No, that's not correct. If you create a new file as root, it will own that file. But editing an existing file doesn't change the owner or group of that file.

The multi-tennant approach to the linux operating system isn't just for security. It's the way the OS was designed to operate. You're not meant to use root as an ordinary user.

Disabling root removes the safety net, but it also plugs the security hole that leaving root enabled leaves.

Well, with root enabled, the SSH server at least need to verify the key, no? It's wasting CPU power albeit tiny amount.

It's rarely a good idea to log in as root, doubly so if it's a system with sensitive data or services that could easily be disrupted accidentally. And even more important if multiple users log in. How will you know who broke things to teach them if they don't log in first. The only time I log in to any system as root other than a test system is when I need to sftp to access files or some other system that doesn't have a way to elevate permissions.