You are viewing a single comment's thread from:

RE: How to properly setup SSH Key Authentication - If you are logging into your server with root, you are doing it wrong!

in #sysadmin7 years ago

yeah, but confusing why sudo accepts my account password, and mint doesn't even let you log into root with su.... so I'm feeling like I'm secure because mint doesn't let me use root, but wondering if I'm less secure than I think.... :-(

Sort:  

@inquiringtimes I'm not as familiar with Mint as others, but I think it's just a flavor of Debian (to which Ubuntu is as well). You can log in to your root account by typing sudo su on the command line. Because your main account is a part of the sudoers group you have the ability to use sudo. If you're a former windows junkie who has seen the light like I was, then it's similar to right-clicking on a program and saying "run as Administrator". As long as you are using your main account and you have a secure password I think you're probably fine.

I was just stuck with windows until I installed linux without doing a dual boot... ONLY LINUX. Yes, mint is ubuntu\debian flavoured.

I got a new computer recently, I'm going to up my security in a number of ways on the new one... I love how simple linux is to use compared to 15 years ago.... the first time I tried to install linux was a nightmare... hehe. now I only am forced to learn commandline stuff occasionally, which gives me a gradual learning process on the deeper workings.

sudo asks for your permission to validate access, this is so if you login as your user, walk away and someone comes up and tries to use sudo rm -rf they need authentication.

DISCLAIMER if a person approaches just after the user walks away (tailgating), sudo will not require a password.

To force behavior of sudo to require a password:

  1. sudo visudo
  2. add Defaults env_reset,timestamp_timeout=0

Or lock your session when you leave like a good sysadmin ;)

LOL. It was your point, not mine.

Ahh, I see what you saying now, been a while since I wrote the post. :)

I have no idea what I'm doing reading something so old.