On a server I have a public key auth only for root account. Is there any point of logging in with a different account?

  • @[email protected]
    07 days ago

    Nah just set up PAM to use TOTP or a third party MFA service to send a push to your phone for sudo privs.

      • @[email protected]
        -27 days ago

        Then you can’t gain root privileges on your server. Are you really arguing for less security because it’s inconvenient?

        This is end-user behavior and it’s honestly embarrassing. You should realize your security posture is much more important than “I left my phone on the other room”

        • @[email protected]English
          47 days ago

          This thread is embarrassing,
          The person you’re responding to could wipe your ass with a cli.

        • @[email protected]English
          27 days ago

          ffs…am I dealing with children here?
          You’ve accessed your server as a user, and then you su - to root.
          You don’t need a phone or a yubi or a dreamcatcher, or a unicorn.
          Please stop with your pretension.
          You’re so far out of your league that it’s embarrassing to me that I’ve bothered to answer.

          • @[email protected]
            16 days ago

            There must at least be MFA somewhere on the path then.

            Even just keys, I wouldn’t trust, unless they are stored on smartcards or some other physical “something I have”, require a PIN/passphrase. and centrally managed so they can be revoked and rotated. Too many people use unprotected SSH keys.

      • @[email protected]
        07 days ago

        I…I don’t understand the question.

        Also, yubikey or any other token. Plenty of MFA options compatible with sudo.