9
I always read I should disable root login for SSH and login with a user which has sudo. But where is the difference between:
ssh root@vps
and
ssh myuser@vps
sudo -i
I don't have physical access to my server and need root permissions per remote access in some way. Is the only advantage here, that the username is unknown?
Security Tip: Disable Root SSH Login on Linux
One of the biggest security holes you could open on your server is to allow directly logging in as root through ssh, because any cracker can attempt to brute force your root password and potentially get access to your system if they can figure out your password.
It’s much better to have a separate account that you regularly use and simply sudo to root when necessary.
3
Just disable passwords completely and use public key auth. Or at least use
– Daniel B – 2015-11-27T16:50:02.483PermitRootLogin without-password
. Also, take a look at this.1Because there isn't a good reason to allow root login? – Braiam – 2015-11-28T04:21:41.160
Because "root" is default admin login, so its easy target for SSH scanner. Also better install Fail2ban and login as normal user and the run "su" command – user956584 – 2015-12-21T17:25:37.780