[Novalug] ssh as root ( beating a dead horse into the ground)
John Holland
jbholland at gmail.com
Tue Mar 6 19:02:53 EST 2012
> You don't need it and hence you shouldn't make your system more
> vulnerable than necessary.
I think I do need a way to run the occasional command as root, and sometimes
I can't predict that command.
> If your goal is to have an open system and
> ...should read into this thread that it's not a good practice to ever login
> as root. That doesn't mean people don't do it - and there's a good deal
> of those who do, who live to regret it (eventually).
I am definitely getting that. I have lived to regret commands as root,
believe me.
>> I still suggest that if a user account has full sudo it amounts to about
>> the same thing as root.
> No. Unless you find yourself writing "sudo" at every command. Without
> being root, you avoid making mistakes as "rm -rf / mytmp/bla"...
Actually this is very interesting. This is a different argument than has
come up so far. What I was referring to was the risk of the password being
sniffed or found by
brute force attack. If a user has wide open sudo, then their account is
as powerful as root and also vulnerable to sniffing etc. But if they
have limited sudo then the problem of the unpredicted command comes in.
What you raise is the issue of doing everyday stuff as root and
accidentally doing some disastrous rm -rf / type thing, which is a good
reason to only use root when necessary. I don't think it requires that
you make it impossible to ever gain root.
>> And su requires sending the root password. I
>> don't want to be running a server that I can't have full control over
>> from a remote location.
> su is very old and I would try not to use it. At least with pam we can
> add additional security features to su, but still - it's really not
> necessary to become root. It's a great tool the other way around though.
>
> Passwords are really a legacy
> thing.
(I've been using passwords with a tool to store them in an encrypted
file. ssh keys and such are good but they're not always an option (e.g. on
web sites))
So it seems to me that the issues raised are:
1. root login from outside could be hijacked or cracked.
2. running as root is inherently dangerous because of the possibility of
pilot error.
3. on a system with multiple users who can do admin tasks, forcing sudo
gives whoever has actual root the ability to know who did what via sudo.
Giving blanket sudo does not enforce this.
4. su is vulnerable.
And my scenario is:
I want to be able to run commands as root while away from the box and I
don't want to be limited to the commands I anticipated needing. I am the
only one with root.
I'm really wondering if I should change my practices with regard to my
home server but the thought of giving up that access is really bothersome.
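
Added example, not part of the original message or thread: a shell check that reads an sshd_config and reports whether root's password is accepted over SSH (issue 1 above) or whether remote root is still possible without a password, which is the access the scenario above wants to keep. The function names, the result labels and the sample config are assumptions made for this illustration; the keywords are standard OpenSSH ones.

```shell
#!/bin/sh
# Added example; the sshd_config content used in demo() is constructed.

# effective_value KEYWORD FILE
# sshd uses the first value it obtains for a keyword, so print the first
# global occurrence (lower-cased), or "unset". Stops at the first Match
# block: conditional settings are out of scope for this check.
effective_value() {
    awk -v key="$1" '
        /^[ \t]*#/ { next }                       # comment line
        { sub(/=/, " ") }                         # allow "Keyword=value"
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$2"
}

# root_ssh_exposure FILE -> one of:
#   password     root's password is accepted over SSH (issue 1 in the post)
#   no-password  root can log in remotely, but not with a password
#   none         no direct root login; use a user account plus sudo
#   review       PermitRootLogin unset; default depends on the OpenSSH version
root_ssh_exposure() {
    prl=$(effective_value PermitRootLogin "$1")
    pw=$(effective_value PasswordAuthentication "$1")
    kbd=$(effective_value KbdInteractiveAuthentication "$1")
    # Older configs spell the keyboard-interactive switch differently.
    if [ "$kbd" = unset ]; then
        kbd=$(effective_value ChallengeResponseAuthentication "$1")
    fi
    case "$prl" in
        no) echo none ;;
        prohibit-password|without-password|forced-commands-only) echo no-password ;;
        yes) # keyboard-interactive (PAM) can still take a password
            if [ "$pw" = no ] && [ "$kbd" = no ]; then echo no-password
            else echo password; fi ;;
        *) echo review ;;
    esac
}

# Constructed sample: remote root stays available, password guessing does not.
demo() {
    dir=$(mktemp -d)
    printf '%s\n' '# constructed sample' 'PermitRootLogin prohibit-password' \
        'PasswordAuthentication yes' > "$dir/sshd_config"
    root_ssh_exposure "$dir/sshd_config"
    rm -rf "$dir"
}
demo
```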