Sandal6823@sh.itjust.works to Linux@lemmy.ml · 10 months agoWhy disable ssh login with root on a server if I only log in with keys, not password?message-squaremessage-square75linkfedilinkarrow-up11arrow-down10file-text
arrow-up11arrow-down1message-squareWhy disable ssh login with root on a server if I only log in with keys, not password?Sandal6823@sh.itjust.works to Linux@lemmy.ml · 10 months agomessage-square75linkfedilinkfile-text
On a server I have a public key auth only for root account. Is there any point of logging in with a different account?
minus-squareSavvyWolf@pawb.sociallinkfedilinkEnglisharrow-up0·10 months agoI don’t think that actually works; the attacker could just remove .bashrc and create a new file with the same name.
minus-square2ndSkin@sh.itjust.workslinkfedilinkarrow-up0·10 months agoIf the .bashrc is immutable, the attacker can’t remove it. That’s how it works.
minus-squareSavvyWolf@pawb.sociallinkfedilinkEnglisharrow-up0·10 months agoThe home directory would need to be immutable, not bashrc.
minus-square2ndSkin@sh.itjust.workslinkfedilinkarrow-up0·10 months ago? It’s .bashrc, not bashrc, and .bashrc is in the home directory. If .bashrc is immutable, it can’t be removed from home.
minus-squareWheelchairArtist@lemmy.worldBannedlinkfedilinkarrow-up0·10 months agoyou’re right. that’s something i wanted to look into. guess setfacl would do the trick?
minus-squareMagiilaro@feddit.orglinkfedilinkarrow-up0·10 months ago“chattr +i” is what I use to make things immutable
I don’t think that actually works; the attacker could just remove .bashrc and create a new file with the same name.
If the .bashrc is immutable, the attacker can’t remove it.
That’s how it works.
The home directory would need to be immutable, not bashrc.
?
It’s .bashrc, not bashrc, and .bashrc is in the home directory.
If .bashrc is immutable, it can’t be removed from home.
you’re right. that’s something i wanted to look into. guess setfacl would do the trick?
“chattr +i” is what I use to make things immutable
thanks