SSH : What is the secure way to admin a server?
by dezix from LinuxQuestions.org on (#5SKNQ)
Hi!
It is commonly recommended not to connect directly to the root account via SSH.
It is even recommended to forbid this connection with:
Code:
file : /etc/ssh/sshd_config
PermitRootLogin no
and in addition to that,
the remote system configuration should also forbid root connection to a console (empty /etc/securetty).
This seems very safe!
But then I wonder about the right method to log in and perform administrative tasks requiring root privileges, without ruining the previous hardenings.
My biggest concern is to have to type in a password at some point,
which, if intercepted by an attacker, would give him the keys of the castle.
Here is why I am asking you:
What are you doing to overcome this issue (if there is really an issue)?
Of course I use an ssh-key (ed25519) to connect to the remote user account.
Thanks for sharing.
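One way to check that the two hardenings named in the post are really in effect, as an added example that is not part of the original post. The function names and the sample configuration are constructed for illustration; the parser assumes sshd's first-value-wins rule and does not follow Include files.

```python
import os

# Constructed sample, not from the original post.
SAMPLE = """\
PermitRootLogin no
permitrootlogin yes
Match Address 192.0.2.0/24
    PermitRootLogin prohibit-password
"""

def effective_root_login(config_text):
    """Return (global_value, match_overrides) for PermitRootLogin.

    sshd keeps the first value it reads for a keyword, keywords are
    case-insensitive, and a Match block can override the global value.
    Include files are not followed here; `sshd -T` is authoritative.
    """
    global_value, overrides, match_ctx = None, [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()
        if not parts:
            continue
        keyword = parts[0].lower()
        if keyword == "match":
            match_ctx = " ".join(parts[1:])      # every later line is conditional
        elif keyword == "permitrootlogin" and len(parts) > 1:
            value = parts[1].strip('"').lower()
            if match_ctx is not None:
                overrides.append((match_ctx, value))
            elif global_value is None:           # first occurrence wins
                global_value = value
    # Upstream OpenSSH default when the keyword is unset (7.0 and later).
    return global_value or "prohibit-password", overrides

def securetty_state(path="/etc/securetty"):
    """'missing', 'empty' or 'lists-ttys'. Only 'empty' blocks root on every
    console; pam_securetty treats a missing file as 'allow any tty'."""
    if not os.path.isfile(path):
        return "missing"
    with open(path) as fh:
        entries = [l for l in fh if l.strip() and not l.lstrip().startswith("#")]
    return "lists-ttys" if entries else "empty"

if __name__ == "__main__":
    print(effective_root_login(SAMPLE))
    print(securetty_state())
```

A non-empty override list means some connections can still log in as root even though the global setting is `no`.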