No SSH root login in EC2 instances - What's the real point?

0

My question is not about how to get it, I know it can be done by copying the key from ubuntu-user's folder to root's one.

My question is about understanding the motivation behind this default limitation.

Every article, post, tutorial, etc. I have read explains that it is configured this way due to security issues, to improve it, but since EC2, at the same time, recommends not assigning a password to the root user, any person who has access to the system as the ubuntu user has immediate access as root, so I don't understand this motivation.

I have thought that it could also be because many attacks may use root as the default user, so it can be a good idea to use another, less common user, but again, since the default user is ubuntu in each and every EC2 (the ones with Ubuntu, obviously), this doesn't seem to be a great motive to do it this way either.

Finally, I guess it may be more secure to use the ubuntu user instead of root directly just as a "personal firewall". I mean, as long as one has to run "sudo -i" to become root, one may avoid making some mistakes, just because during those 2 seconds one could have the chance to think "Wait, this command I was going to run might not be such a good idea...". That point I do understand, but it is the only one which really seems real to me.

Summarizing, my question is whether this last point is the only one I should be worried about in case I allow root login via SSH, or whether I am missing any important/real security point when allowing SSH root login?

Alberto Martín

Posted 2019-04-18T07:28:17.637

Reputation: 165

Answers

0

Yes, you are missing the main point. That is that a user without a password can't log in, so unsetting the root password will prohibit anyone from logging in as root, but sudoers can still get to a root shell and execute commands with root privileges. And prohibiting root login from SSH is a good idea, since a lot of attacks try dictionary attacks on users, so root/admin/public are quite vulnerable.

Aroly7

Posted 2019-04-18T07:28:17.637

Reputation: 328

I don't understand your answer; I am asking about key-based logins. How do dictionary attacks have anything to do with this? That would be the reason why EC2 recommends not setting a password for root, which is something I do understand; that is not my question. – Alberto Martín – 2019-04-18T07:40:32.390

In default settings ssh has PermitRootLogin on without-password, which allows ssh key login. But best practice is to use named users to connect and then sudo. – Aroly7 – 2019-04-18T07:46:45.413

That is what I mention in my question; I already know that. My question is why. – Alberto Martín – 2019-04-18T07:52:25.943

You can easily trace a login on a named user to a real person even when they use vpn/tor etc. to access the server. With root enabled you can't do that; you will just see that root logged in from xxx. And the second point is privilege separation: not all users need all commands under root. – Aroly7 – 2019-04-18T07:57:08.193

What information do you expect to see from a user login in order to "easily trace it to the real person"? Please read my question, this is not what I am asking about. – Alberto Martín – 2019-04-18T08:06:47.507

When you run a server where multiple users connect, it is good to be able to differentiate who has logged in. – Aroly7 – 2019-04-18T08:08:39.750

Let us continue this discussion in chat. – Alberto Martín – 2019-04-18T08:09:24.577

0

There are really a couple reasons that most VM images are configured this way.

One is that users often configure the default user to log in with passwords, even if they're not originally set up that way, and many bots try dictionary attacks on the root user. If the default user is not root, the attacker must also try to guess the default user's name and password, which requires significantly more resources and therefore makes the attacker more likely to be detected when fail2ban is in use. Limiting root logins makes things harder, and security is all about defense in depth.

Another reason is that it's a best practice not to run as root whenever possible. Longtime Unix users will always want to run as an unprivileged user and sudo to root only when needed. This makes mistakes less problematic, and when there are multiple users, it makes auditability easier, since you can see who logged in and did what. Providing a default unprivileged user with sudo privileges therefore configures the system by default in a way that most users will want to use.

If you're configuring the node for your personal use and you're only using SSH keys (that is, password and challenge-response authentication are completely disabled in the config), then it's okay to use SSH as root. Just know that this wouldn't be considered a good practice for a system with multiple users or in a corporate environment.

bk2204

Posted 2019-04-18T07:28:17.637

Reputation: 261
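
The condition named in the last answer (root over SSH with keys only, password and challenge-response authentication disabled) and the `PermitRootLogin without-password` setting mentioned in the comments can be checked against a server's sshd_config. The Python below is an added example, not part of the thread; the function names and the sample config are made up here, and the fallback values assume stock OpenSSH defaults.

```python
# Added example (not from the thread): classify root SSH exposure from sshd_config text.
# Assumption: keywords absent from the file fall back to these stock OpenSSH defaults.
DEFAULTS = {"permitrootlogin": "prohibit-password",
            "passwordauthentication": "yes",
            "kbdinteractiveauthentication": "yes"}
# Older configs use these spellings for the same settings.
KEY_ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}
VALUE_ALIASES = {"without-password": "prohibit-password"}

def effective_settings(config_text):
    """Global settings only. sshd keeps the FIRST value it reads for a keyword."""
    seen = {}
    for raw in config_text.splitlines():
        parts = raw.strip().replace("=", " ", 1).split()
        if not parts or parts[0].startswith("#"):
            continue
        key = KEY_ALIASES.get(parts[0].lower(), parts[0].lower())
        if key == "match":      # conditional blocks start here; not evaluated
            break
        if key in DEFAULTS and key not in seen and len(parts) > 1:
            value = parts[1].strip('"').lower()
            seen[key] = VALUE_ALIASES.get(value, value)
    return {**DEFAULTS, **seen}

def root_ssh_exposure(config_text):
    """Return (root_login, passwords_accepted) for the global sshd settings."""
    s = effective_settings(config_text)
    # PAM passwords can also arrive via keyboard-interactive, so both must be off.
    passwords = "yes" in (s["passwordauthentication"],
                          s["kbdinteractiveauthentication"])
    prl = s["permitrootlogin"]
    if prl == "no":
        root = "disabled"
    elif prl == "forced-commands-only":
        root = "forced-commands-only"
    elif prl == "yes" and passwords:
        root = "password-guessable"
    else:                       # prohibit-password, or yes with passwords off
        root = "keys-only"
    return root, passwords

# Constructed sample: the second PermitRootLogin line is ignored by sshd.
SAMPLE = """\
# constructed example config
PermitRootLogin without-password
PasswordAuthentication no
ChallengeResponseAuthentication no
PermitRootLogin yes
"""

if __name__ == "__main__":
    print(root_ssh_exposure(SAMPLE))
```

Feeding it the output of `sshd -T` instead of the raw file also covers settings pulled in through Include files, which this parser does not follow.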