[Boards: 3 / a / aco / adv / an / asp / b / bant / biz / c / can / cgl / ck / cm / co / cock / d / diy / e / fa / fap / fit / fitlit / g / gd / gif / h / hc / his / hm / hr / i / ic / int / jp / k / lgbt / lit / m / mlp / mlpol / mo / mtv / mu / n / news / o / out / outsoc / p / po / pol / qa / qst / r / r9k / s / s4s / sci / soc / sp / spa / t / tg / toy / trash / trv / tv / u / v / vg / vint / vip / vp / vr / w / wg / wsg / wsr / x / y ] [Search | Voyeur Cams | Click for more| Home]

This is not a ruse cruse /g/. Why does everyone say to disable

This is a blue board which means that it's for everybody (Safe For Work content only). If you see any adult content, please report it.
Voyeur Cams

Thread replies: 28
Thread images: 4

File: authorization[1].png (26KB, 316x342px) Image search: [iqdb] [SauceNao] [Google]
authorization[1].png
26KB, 316x342px
This is not a ruse cruse /g/.
Why does everyone say to disable root after setting up a linux server? The only questionably valid answer iv found is to make you type su before doing stupid things.
>>
File: 1396829088873.gif (213KB, 300x220px) Image search: [iqdb] [SauceNao] [Google]
1396829088873.gif
213KB, 300x220px
oh come on, there has to be at least 1 linux admin on. Should I remake this thread at 1a.m.?
>>
What you need to do is not give your root users ssh access so that you at very least have to have physical access to the server to do stupid things.
You're not worried about stuff like what's in your picture on your server, because typically you're not using it for user-level stuff. You're worried about services hosted on your server being compromised.
>>
>>51492655
If someone has physical access you're fucked anyway.
>>
xkcd misses the point although I'm not really surprised. root user has access to every account on the machine not just the ability to install software. If there was more than one user on the machine then everyone's personal information would be visible to the root user. His macbook may not matter but on a server that can lead to a real shitstorm.
>>
>>51492655
Because if you are not half stupid than you realize that most of the lines on that picture don't exist and many of them are only one way arrows instead.
>>
>>51492949
>You're worried about services hosted on your server being compromised.
But if the su user account gets compromised they can still compromise all of said services.
Can you still SSH into the machine as root if root is disabled? I'm stupid.

>>51493730
>If there was more than one user on the machine then everyone's personal information would be visible to the root user.
If its a DNS server that does nothing else with no users whats wrong with using root?
>>
>>51492655
If someone bruteforces into the root account, you're GG'd forever. If someone bruteforce's into an account in the wheel group, they still need to bruteforce their way into getting superuser access, which is harder.
>>
You can't use a cute username as root for when you post your screenfetch on /g/.
>>
File: 1419156343142.gif (1MB, 480x360px) Image search: [iqdb] [SauceNao] [Google]
1419156343142.gif
1MB, 480x360px
>>51494290
Yea, but if there is only 1 account, and it can do everything the root account can do... whats the point?

also
>If someone bruteforces into the root account, you're GG'd forever.
Not if I just load up a backup and change the PW.

>>51494337
>screenfetch
Thank fuck I finally know how everyone is doing that.
>>
>>51494457
>and it can do everything the root account can do
That's the point, it can't.
>>
>>51492655

Yeah, that is why you disable remembering passwords in your web browser and use some password manager like keepass or password-store that has a plugin for your browser and simply use the master password whenever you want to log in into anything in your browser.

There, I solved it.
>>
>>51493507
Are you new?
>>
>>51494490
>>
>>51494513
>>51493507
>>51493730
>>51493813

Wow that comic triggered a lot of people.
>>
>>51492655
>if someone breaks into my house they can kill me
>>
>>51492655
As far as I'm aware, you disable it so that automated SSH bots have more trouble trying to brute-force into your account. Most of the SSH bots will try to log-in with username "root" but if that account is disabled they are unable to login.

The bots don't know what you made your username, so they cant get in.
>>
>>51492655
>not having several different user accounts for different purposes
munroe is an idiot. does he think he's going to run out of uids?
>>
>>51494457
why is she cutting bread with a doorstop?
>>
>>51492655
Things Linux doesn't have:
>"the" screen
>"the" keyboard
>"the" nic
>"the" user

Things linux does have:
>0-N screens
>0-N keyboards
>0-N nics
>0-N users

Even phones allow multiple users these days, so stop trying to shoehorn the concept of "the" user into your system and just go along with the fact that Linux was made for supporting multiple users, and that a single user system is just a multiuser system with 1 current user account.
>>
>>51494199
>running a server as root
Oh lawdy. If that server ever gets exploited somehow they've got everything
>if I disable root can I still login as root over ssh
No. That's kind of the point
>>
>>51492655

>he has his passwords saved
>>
>>51494866
Who actually sets up different accounts for mail / paypal / facebook, photos etc? way too much effort.
>>
>>51495910
I even create different userspaces for every account
Qubes is great
>>
>>51492655
You disable root SSH so it can't be guessed easily like >>51494744 said.
Every Linux distro has root and it has all the rights so that's the one that bots want to guess. If you disable root SSH login they can't connect to it. You can still have root privileges if you SSH with another username and just "su" into root. It doesn't make your life harder, it makes malicious hacker's life harder. They have to guess your username, a password for it and then the root password. That's a lot harder than just brute forcing root with different passwords.
>>
>>51492655
You are a dumb fuck if you don't understand different layers of security that involve having physical axx to your laptop and not having it. Nobody is going to hold your hands here. Go set up your server and always run everything as root. PermitRootLogin in your ssh. Use ssh v1. Never use sudo. Don't even start reading about *.certs and private keys. Your server will be online for like 1 day before it's turned into a proxy machine / botnet / cp dump / bouncer.
>>
Is it summer already?
>>
I enable root access, but I'm the only one who uses my server. 4096 bit key, not on the default port. Haven't even had a break in attempt. I think I'm good, am I wrong?
Thread posts: 28
Thread images: 4


[Boards: 3 / a / aco / adv / an / asp / b / bant / biz / c / can / cgl / ck / cm / co / cock / d / diy / e / fa / fap / fit / fitlit / g / gd / gif / h / hc / his / hm / hr / i / ic / int / jp / k / lgbt / lit / m / mlp / mlpol / mo / mtv / mu / n / news / o / out / outsoc / p / po / pol / qa / qst / r / r9k / s / s4s / sci / soc / sp / spa / t / tg / toy / trash / trv / tv / u / v / vg / vint / vip / vp / vr / w / wg / wsg / wsr / x / y] [Search | Top | Home]
Please support this website by donating Bitcoins to 16mKtbZiwW52BLkibtCr8jUg2KVUMTxVQ5
If a post contains copyrighted or illegal content, please click on that post's [Report] button and fill out a post removal request
All trademarks and copyrights on this page are owned by their respective parties. Images uploaded are the responsibility of the Poster. Comments are owned by the Poster.
This is a 4chan archive - all of the content originated from that site. This means that 4Archive shows an archive of their content. If you need information for a Poster - contact them.