Sandal6823@sh.itjust.works to Linux@lemmy.ml · edit-29 days agoWhy disable ssh login with root on a server if I only log in with keys, not password?message-squaremessage-square25fedilinkarrow-up11arrow-down10file-text
arrow-up11arrow-down1message-squareWhy disable ssh login with root on a server if I only log in with keys, not password?Sandal6823@sh.itjust.works to Linux@lemmy.ml · edit-29 days agomessage-square25fedilinkfile-text
On a server I have a public key auth only for root account. Is there any point of logging in with a different account?
minus-squaredeadbeef79000@lemmy.nzlinkfedilinkarrow-up1·9 days agoThat server’s root access is now vulnerable to a compromise of the systems that have the private key.
minus-squareBCsven@lemmy.calinkfedilinkarrow-up0·8 days agoOnly the server should have the private key. Why would other systems have the private key?
minus-squareforbiddenlake@lemmy.worldlinkfedilinkEnglisharrow-up1·8 days agoThe client has the private key, the server has the corresponding public key in its authorized keys file. The server is vulnerable to the private key getting stolen from the client.
That server’s root access is now vulnerable to a compromise of the systems that have the private key.
Only the server should have the private key. Why would other systems have the private key?
The client has the private key, the server has the corresponding public key in its authorized keys file.
The server is vulnerable to the private key getting stolen from the client.