Sandal6823@sh.itjust.works to Linux@lemmy.ml · edit-211 days agoWhy disable ssh login with root on a server if I only log in with keys, not password?message-squaremessage-square74fedilinkarrow-up11arrow-down10file-text
arrow-up11arrow-down1message-squareWhy disable ssh login with root on a server if I only log in with keys, not password?Sandal6823@sh.itjust.works to Linux@lemmy.ml · edit-211 days agomessage-square74fedilinkfile-text
On a server I have a public key auth only for root account. Is there any point of logging in with a different account?
minus-squareWheelchairArtist@lemmy.worldlinkfedilinkarrow-up0·10 days agothat’s why root owns my .bash* stuff
minus-squareSavvyWolf@pawb.sociallinkfedilinkEnglisharrow-up0·10 days agoI don’t think that actually works; the attacker could just remove .bashrc and create a new file with the same name.
minus-squareWheelchairArtist@lemmy.worldlinkfedilinkarrow-up0·10 days agoyou’re right. that’s something i wanted to look into. guess setfacl would do the trick?
minus-squareMagiilaro@feddit.orglinkfedilinkarrow-up0·9 days ago“chattr +i” is what I use to make things immutable
minus-square2ndSkin@sh.itjust.workslinkfedilinkarrow-up0·10 days agoIf the .bashrc is immutable, the attacker can’t remove it. That’s how it works.
minus-squareSavvyWolf@pawb.sociallinkfedilinkEnglisharrow-up0·10 days agoThe home directory would need to be immutable, not bashrc.
minus-square2ndSkin@sh.itjust.workslinkfedilinkarrow-up0·edit-210 days ago? It’s .bashrc, not bashrc, and .bashrc is in the home directory. If .bashrc is immutable, it can’t be removed from home.
that’s why root owns my .bash* stuff
I don’t think that actually works; the attacker could just remove .bashrc and create a new file with the same name.
you’re right. that’s something i wanted to look into. guess setfacl would do the trick?
“chattr +i” is what I use to make things immutable
thanks
If the .bashrc is immutable, the attacker can’t remove it.
That’s how it works.
The home directory would need to be immutable, not bashrc.
?
It’s .bashrc, not bashrc, and .bashrc is in the home directory.
If .bashrc is immutable, it can’t be removed from home.