On a server I have a public key auth only for root account. Is there any point of logging in with a different account?
Audit trails
Its a concept called defense in depth. Without root login now you require the key AND sudo password.
Also, outside of self hosted you will have multiple people logging in. You want them to log in with their own users for logging and permission management.
The sudo password can be easily extracted by modifying the bashrc.
This was downvoted, but is a good question.
If your account is compromised, the shell init code could be modified to install a keylogger to discover the root password. That’s correct.
Still, that capture doesn’t happen instantly. On a personal server, it could be months until the owner logs in next. On a corporate machines, there may be daily scans for signs of intrusion, malware, etc. Either way, the attacker has been slowed down and there is a chance they won’t succeed in a timeframe that’s useful to them.
It’s perhaps like a locking a bike: with right tool and enough time, a thief can steal the bike. Sometimes slowing them down sufficiently is enough to win.
And who is going to edit your .bashrc?
The attacker that is currently with user privileges on the server?
How did the attacker gain your user’s privileges? Malware-infected user installation? A vulnerability in genuine software running as your user? In most scenarios these things only become worse when running as root instead.
The scenario OC stated is that if the attacker has access to the user on the server then the attacker would still need the sudo password in order to get root privileges, contrary to direct root login where the attack has direct access to root privileges.
So, now i am looking into this scenario where the attack is on the server with the user privileges: the attacker now modifies for example the bashrc to alias sudo to extract the password once the user runs sudo.
So the sudo password does not have any meaningful protection, other then maybe adding a time variable which is when the user accesses the server and runs sudo
Simple solution is to not use sudo.
Sorta like Slackware’s default.Nah just set up PAM to use TOTP or a third party MFA service to send a push to your phone for sudo privs.
And what do you suggest to use otherwise to maintain a server? I am not aware of a solution that would help here? As an attacker you could easily alias any command or even start a modified shell that logs ever keystroke and simulates the default bash/zsh or whatever.
Lots of self-important, irrational, hand-wavy responses to this question as usual.
Assuming you are the only user (sounds like it) and you secure your client device properly, then no, there is no reason not to do what you propose. Go ahead and do it, you’ll save yourself lots of redundant typing and clicking.
Others here can keep performing their security theater to ward off the evil spirits.
This is terrible advice.
“Just turn off your firewall bro, please bro, everyone just paranoid please bro enable remote root login bro 😢”
That’s not what I advised at all.
Nope, not really. The only reason ppl recommend it is, because “you have then to guess the username too”. Which is just not relevant if you use strong authentication method like keys or only strong passwords.
Don’t quit your day job.
Most comments here suggest 3 things
- least privilege: Which is ok, but on a Server any modification you do requires root anyway, there is usually very little benefit
- Additional protection through required sudo password: This is for example easily circumvented by modifying the bashrc or similar with an sudo alias to get the password
- Multiuser & audittrails: yes this is a valid point, on a system that is modified or administered by multiple ppl there are various reasons lime access logging and UAC for that
An actual person from the pen testing world: https://youtu.be/fKuqYQdqRIs
Is there any point of logging in with a different account?
When you edit & save a file as root, root takes ownership of that file. I personally don’t like having to run chmod or chown every time I make minor changes to something.
No, that’s not correct. If you create a new file as root, it will own that file. But editing an existing file doesn’t change the owner or group of that file.
I never login with the root account. Not even on the console. You don’t want everything you do running as root unless it is required. Otherwise it is much easier for a little mistake to become a big mess.
- Swiss cheese slices: make them holes too tight.
- When you run everything as root, if you fuck your shit, your shit’s fucked.
“Best practices” tend to come from other people’s whoopsies. But it’s always good to question things, too.
Zero-day exploits are security holes that exist and are used by bad actors, but aren’t yet known to you, or anyone capable of closing the hole. The clock to patch the hole doesn’t start running until the exploit is known: it stands at zero days until the good guys know it exists.
What zero-day exploits exist for ssh?
By definition, you don’t know. So, you block root login, and hope the bad actor doesn’t also know a zero-day for sudo.
Yes it’s always better to login with a user and sudo so your commands are logged also having disable passwords for ssh but still using passwords for sudo gives you the best protection
Also double check that sudo is the right command, by doing
which sudo. Something I just learned to be paranoid of in this thread.Unless
whichis also compromised, my god…which sudowill check$PATHdirectories and return the first match, true. however when you typesudoand hit enter your shell will look for aliases and shell functions before searching$PATH.to see how your shell will execute ‘sudo’, say
type sudo(zsh/bash). to skip aliases/functions/builtins saycommand sudomeh nvm none of these work if your shell is compromised. you’re sending bytes to the attacker at that point. they can make you believe anything
