Hacker News

nine_k today at 12:30 AM (3 replies)

What do you think a proper architecture would be, given that ssh needs a capability to allow root logins?

I suppose it could be via a proper PAM module, which is widely supported.

Too bad the first PAM RFC was published about the same time the first be version of ssh was released.


Replies

accrual today at 1:08 AM

> ssh needs a capability to allow root logins

One can disable root login via SSH in /etc/ssh/sshd_config. sshd also drops root privileges once it's running IIRC.

I use sudo or doas as a regular user once logged in.
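
An added example, not part of any comment in this thread: a check of which `PermitRootLogin` value an sshd_config-style file yields, since sshd uses the first value it obtains for a keyword and a `Match` block can turn root login back on. The function names and sample config are constructed; it assumes one file (no `Include` handling) and the current OpenSSH default of `prohibit-password`.

```shell
#!/bin/sh
# Added example (hypothetical helper names, constructed sample data).

# Print the global PermitRootLogin value and whether any Match block
# sets it to something other than "no". Reads $1, or stdin if no argument.
root_login_policy() {
    awk '
        /^[ \t]*#/ { next }              # comment line
        /^[ \t]*$/ { next }              # blank line
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            # keyword and argument are separated by whitespace or "="
            split(line, f, /[ \t=]+/)
            key = tolower(f[1]); val = tolower(f[2])
            gsub(/"/, "", val)
        }
        key == "match" { in_match = 1; next }
        key == "permitrootlogin" {
            if (in_match) { if (val != "no") override = 1 }
            else if (first == "") first = val   # first obtained value wins
        }
        END {
            # Assumption: absent keyword means the OpenSSH default.
            if (first == "") first = "prohibit-password"
            printf "global=%s match_override=%s\n", first, (override ? "yes" : "no")
        }
    ' "${1:--}"
}

# Constructed sample: the second global line is ignored by sshd, and the
# Match block re-enables key-based root login for one address range.
sample_config() {
    cat <<'EOF'
# constructed sample, not a real host
Port 22
PermitRootLogin no
PermitRootLogin yes
Match Address 10.0.0.0/8
    PermitRootLogin prohibit-password
EOF
}

sample_config | root_login_policy
```

On a live host, `sshd -T` prints the configuration sshd actually resolves, including included files.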

charcircuit today at 1:17 AM

I think a proper architecture would not even have a root account. The server would just expose an authenticated endpoint that allows for configuration and updates to be pushed for it.

spott today at 2:02 AM

Does ssh need to allow root logins?

Sshing as a regular user and then sudo to root works 95% of the time…