On Fri, 21 Feb 2025 13:17:21 +0800 jeremy ardley <jeremy.ard...@gmail.com> wrote: > > Logging in as root on a server is highly dangerous, especially if it > has an internet facing ssh port.
There is an approach which might be helpful here and there: spawn a second ssh daemon with root login and bind network to localhost and different port. With key login and forwarding it is a bit more convenient than sudo, e.g. rsync setups are easier to have in batch mode. YMMV There are still ways to improve security based upon this idea, e.g. usage of different keys and/or tunneling the login with user ssh to root ssh. The last option prevents socket hijacking by an intruder at user level. -- kind regards Frank
pgpryZ9J5T_rs.pgp
Description: OpenPGP digital signature
