Why disable ssh login with root on a server if I only log in with keys, not password?
Sandal6823@sh.itjust.works to Linux@lemmy.ml · 7 months ago · 71 comments

On a server I have a public key auth only for root account. Is there any point of logging in with a different account?

SavvyWolf@pawb.social · 7 months ago
I don’t think that actually works; the attacker could just remove .bashrc and create a new file with the same name.

2ndSkin@sh.itjust.works · 7 months ago
If the .bashrc is immutable, the attacker can’t remove it. That’s how it works.

SavvyWolf@pawb.social · 7 months ago
The home directory would need to be immutable, not bashrc.

WheelchairArtist@lemmy.world · 7 months ago
you’re right. that’s something i wanted to look into. guess setfacl would do the trick?