You are viewing a single comment's thread from:

RE: How to properly setup SSH Key Authentication - If you are logging into your server with root, you are doing it wrong!

in #sysadmin7 years ago

I'm a newish Linux user with mint, which, as I understand doesn't let you use the root account. Although the main account can do root commands with sudo.. but I still don't quite understand the distinction and if, I shouldn't use that main account still. Any advice would be appreciated

Sort:  

Most "workstation" Linux builds create a regular user during the install because it is so important not to use root as your main account.

sudo just gives you temporary root permissions. You can think of the sudo command as a temporary switch user command. The su command in linux allows you to switch user so sudo is like "switch user, do as". Try it yourself, with your main account type the whoami command and it should return your username. Then type sudo whoami and and it should return root. This just tells you that what ever command you run after sudo you run with root permissions.

yeah, but confusing why sudo accepts my account password, and mint doesn't even let you log into root with su.... so I'm feeling like I'm secure because mint doesn't let me use root, but wondering if I'm less secure than I think.... :-(

@inquiringtimes I'm not as familiar with Mint as others, but I think it's just a flavor of Debian (to which Ubuntu is as well). You can log in to your root account by typing sudo su on the command line. Because your main account is a part of the sudoers group you have the ability to use sudo. If you're a former windows junkie who has seen the light like I was, then it's similar to right-clicking on a program and saying "run as Administrator". As long as you are using your main account and you have a secure password I think you're probably fine.

I was just stuck with windows until I installed linux without doing a dual boot... ONLY LINUX. Yes, mint is ubuntu\debian flavoured.

I got a new computer recently, I'm going to up my security in a number of ways on the new one... I love how simple linux is to use compared to 15 years ago.... the first time I tried to install linux was a nightmare... hehe. now I only am forced to learn commandline stuff occasionally, which gives me a gradual learning process on the deeper workings.

sudo asks for your permission to validate access, this is so if you login as your user, walk away and someone comes up and tries to use sudo rm -rf they need authentication.

DISCLAIMER if a person approaches just after the user walks away (tailgating), sudo will not require a password.

To force behavior of sudo to require a password:

  1. sudo visudo
  2. add Defaults env_reset,timestamp_timeout=0

Or lock your session when you leave like a good sysadmin ;)

LOL. It was your point, not mine.

Ahh, I see what you saying now, been a while since I wrote the post. :)