• ssh root login (was: Debian 12.9 and use of sudo for regular accounts)

    From Frank Guthausen@21:1/5 to jeremy ardley on Fri Feb 21 12:10:01 2025
    On Fri, 21 Feb 2025 13:17:21 +0800
    jeremy ardley <[email protected]> wrote:

    > Logging in as root on a server is highly dangerous, especially if it
    > has an internet facing ssh port.

    There is an approach which might be helpful here and there:

    Spawn a second ssh daemon with root login and bind network to
    localhost and a different port. With key login and forwarding it
    is a bit more convenient than sudo, e.g. rsync setups are easier
    to have in batch mode. YMMV

    There are still ways to improve security based upon this idea, e.g.
    usage of different keys and/or tunneling the login with user ssh to
    root ssh. The last option prevents socket hijacking by an intruder
    at user level.
    --
    kind regards
    Frank


    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
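
Added example, not part of the post above: a Python check for the configuration of a second, root-only sshd as the post describes, verifying that it binds only to loopback, stays off port 22, and keeps root login key-only. The sample config, port 2222 and all function names are assumptions; only the global section (before any Match block) is read.

```python
import ipaddress

# Constructed sample config for the second, root-only daemon (hypothetical values).
SAMPLE = """\
Port 2222
ListenAddress 127.0.0.1
ListenAddress [::1]:2222
PermitRootLogin prohibit-password
"""

def parse(text):  # -> {keyword: [args]} from the global section
    opts = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue                          # blank line, comment, or bare keyword
        if parts[0].lower() == "match":
            break                             # conditional blocks are not audited
        opts.setdefault(parts[0].lower(), []).append(parts[1].strip())
    return opts

def split_listen(value):  # -> (host, port or None)
    v = value.split()[0]                      # drop an optional "rdomain ..." suffix
    if v.startswith("["):                     # [addr]:port or [addr]
        host, _, rest = v[1:].partition("]")
        return host, rest.lstrip(":") or None
    if v.count(":") == 1:                     # host:port (a bare IPv6 has more colons)
        return tuple(v.split(":"))
    return v, None

def audit(text):
    opts = parse(text)
    ports = opts.get("port", ["22"])          # sshd defaults to port 22
    listens = opts.get("listenaddress", [])
    findings = [] if listens else ["no ListenAddress: sshd binds to all addresses"]
    for value in listens:
        host, port = split_listen(value)
        try:
            loop = ipaddress.ip_address(host).is_loopback
        except ValueError:                    # hostname: resolution is not checked here
            loop = False
        if not loop:
            findings.append(f"ListenAddress {value}: not a literal loopback address")
        if "22" in ([port] if port else ports):
            findings.append(f"ListenAddress {value}: port 22 collides with the main daemon")
    root = opts.get("permitrootlogin", ["prohibit-password"])[0]  # first value wins
    if root not in ("prohibit-password", "without-password", "forced-commands-only"):
        findings.append(f"PermitRootLogin {root}: expected prohibit-password (keys only)")
    return findings
```

An empty list from `audit()` means the file matches the loopback-only, key-only layout; a missing `ListenAddress` is reported because sshd then listens on every interface.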