Ask HN: Why disable SSH root login with key only?

4 points by kosolam ↗ HN

12 comments

[ 3.4 ms ] story [ 31.4 ms ] thread
Is the following config secure?

Include /etc/ssh/sshd_config.d/.conf

UsePAM yes

PrintMotd no

AcceptEnv LANG LC_

PermitRootLogin prohibit-password

PasswordAuthentication no

PermitEmptyPasswords no

ChallengeResponseAuthentication no

KerberosAuthentication no

GSSAPIAuthentication no

X11Forwarding no

PermitUserEnvironment no

A question for Stack Overflow not HN
Stackoverflow will send me to serverfault and serverfault will say it’s my fault. I don’t see a reason this doesn’t fit hn
Because HN would become overfilled with "my program doesn't work, help" like questions.

Content here is mainly supposed to fill intellectual curiosity. Support like questions do not align with that.

I used Stack Overflow for their family of sites, of course you need to select the right one (unfortunately, wish they had just one)

Nah.. I think you’re completely wrong. Your kind of comments are exactly the kind of content that shouldn’t be on HN
The key might leak or be stolen, the server might be misconfigured, the valid user may still need not be root, etc.
Point in our case is ssh always leads to root kind operations (because of admin’s role). So it’s always ends up with using sudo - but password-less (because needed for non interactive sctipts). So it’s more or less the same as root login.. thus the reasoning of why not just use root in the first place?
A better question might be why you have to login to run these scripts.

Perhaps rethink how you view and solve the problem?

If your key leaks you have bigger problems. Passwords are just as vulnerable to those same problems. Both should be encrypted.

If you leave password enabled you need to harden the env as you be getting git by every script kiddy the second your public IP is ready.

You shouldn't be logging into these systems manually either - you should be provisioning them with the OS's default config tools like Ubiquiti or Cloud-init, storing the configs and creds in encrypted formats and the feeding them to chef/puppet/Ansible or any other configuration management tool.

Humans shouldn't be fucking with production systems, they should be making commits to git that are applied by automated systems.

Guys, eventually any tool used to make changes in production will need access to production. It’s done either with by sshing into the server. Or by running custom software on the server that allows connection from outside. The way to ssh is with a key. Passwords are bad. Thus the original question, root login using ssh key vs sudo?