Why disable ssh login with root on a server if I only log in with keys, not password?

Sandal6823@sh.itjust.works · 11 months

On a server I have a public key auth only for root account. Is there any point of logging in with a different account?

WheelchairArtist@lemmy.world · 11 months

that’s why root owns my .bash* stuff

SavvyWolf@pawb.social · 11 months

I don’t think that actually works; the attacker could just remove .bashrc and create a new file with the same name.

2ndSkin@sh.itjust.works · 11 months

If the .bashrc is immutable, the attacker can’t remove it.
That’s how it works.

SavvyWolf@pawb.social · 11 months

The home directory would need to be immutable, not bashrc.

2ndSkin@sh.itjust.works · 11 months

?

It’s .bashrc, not bashrc, and .bashrc is in the home directory.
If .bashrc is immutable, it can’t be removed from home.

SavvyWolf@pawb.social · 11 months

It’s the directory that needs to be writable to delete files, not the file itself.

Although the immutable bit (if that’s what you’re talking about - I thought you meant unsetting the write bit) might change that, I’m not sure.

WheelchairArtist@lemmy.world · 11 months

you’re right. that’s something i wanted to look into. guess setfacl would do the trick?

Magiilaro@feddit.org · 11 months

“chattr +i” is what I use to make things immutable

WheelchairArtist@lemmy.world · 11 months

thanks

Magiilaro@feddit.org · 11 months

deleted by creator