| ▲ | nine_k 20 hours ago | ||||||||||||||||
What do you think proper architecture would be, given that ssh needs a capability to let root logins? I suppose it could be via a proper PAM module, which is widely supported. Too bad the first PAM RFC was published about the same time the first be version of ssh was released. | |||||||||||||||||
| ▲ | accrual 19 hours ago | parent | next [-] | ||||||||||||||||
> ssh needs a capability to let root logins One can disable root login via SSH in /etc/ssh/sshd_config. sshd also drops root priviledges once it's running IIRC. I use use sudo or doas as a regular user once logged in. | |||||||||||||||||
| ▲ | spott 19 hours ago | parent | prev | next [-] | ||||||||||||||||
Does ssh need to allow root logins? Sshing as a regular user and then sudo to root works 95% of the time… | |||||||||||||||||
| |||||||||||||||||
| ▲ | charcircuit 19 hours ago | parent | prev [-] | ||||||||||||||||
I think a proper architecture would not even have a root account. The server would just expose an authenticated endpoint that allows for configuration and updates to be pushed for it. | |||||||||||||||||
| |||||||||||||||||