@[email protected] to [email protected] • edit-22 months agoWhy disable ssh login with root on a server if I only log in with keys, not password?message-square81fedilinkarrow-up197
arrow-up197message-squareWhy disable ssh login with root on a server if I only log in with keys, not password?@[email protected] to [email protected] • edit-22 months agomessage-square81fedilink
On a server I have a public key auth only for root account. Is there any point of logging in with a different account?
minus-squareSavvyWolflinkfedilinkEnglish1•2 months agoI don’t think that actually works; the attacker could just remove .bashrc and create a new file with the same name.
minus-squareWheelchairArtistlinkfedilink2•2 months agoyou’re right. that’s something i wanted to look into. guess setfacl would do the trick?
minus-square@[email protected]linkfedilink4•2 months agoIf the .bashrc is immutable, the attacker can’t remove it. That’s how it works.
minus-squareSavvyWolflinkfedilinkEnglish2•2 months agoThe home directory would need to be immutable, not bashrc.
minus-square@[email protected]linkfedilink4•edit-22 months ago? It’s .bashrc, not bashrc, and .bashrc is in the home directory. If .bashrc is immutable, it can’t be removed from home.
minus-squareSavvyWolflinkfedilinkEnglish1•2 months agoIt’s the directory that needs to be writable to delete files, not the file itself. Although the immutable bit (if that’s what you’re talking about - I thought you meant unsetting the write bit) might change that, I’m not sure.
that’s why root owns my .bash* stuff
I don’t think that actually works; the attacker could just remove .bashrc and create a new file with the same name.
you’re right. that’s something i wanted to look into. guess setfacl would do the trick?
“chattr +i” is what I use to make things immutable
thanks
deleted by creator
If the .bashrc is immutable, the attacker can’t remove it.
That’s how it works.
The home directory would need to be immutable, not bashrc.
?
It’s .bashrc, not bashrc, and .bashrc is in the home directory.
If .bashrc is immutable, it can’t be removed from home.
It’s the directory that needs to be writable to delete files, not the file itself.
Although the immutable bit (if that’s what you’re talking about - I thought you meant unsetting the write bit) might change that, I’m not sure.