Why disable ssh login with root on a server if I only log in with keys, not password?
Sandal6823@sh.itjust.works to Linux@lemmy.ml · 8 days ago (edited) · 74 comments

On a server I have a public key auth only for root account. Is there any point of logging in with a different account?

forbiddenlake@lemmy.world · 7 days ago
The client has the private key, the server has the corresponding public key in its authorized keys file. The server is vulnerable to the private key getting stolen from the client.

☂️-@lemmy.ml · 7 days ago (edited)
it is also vulnerable to whatever ssh exploits that can bypass the key

x00z@lemmy.world · 7 days ago
Finding an exploit in ssh is worth more than whatever your server has to offer though.