On a server I have public key auth only for the root account. Is there any point in logging in with a different account?
- Swiss cheese slices: make them holes too tight.
- When you run everything as root, if you fuck your shit, your shit’s fucked.
“Best practices” tend to come from other people’s whoopsies. But it’s always good to question things, too.
It's a concept called defense in depth. Without root login, you now require the key AND sudo password.
Also, outside of self-hosted, you will have multiple people logging in. You want them to log in with their own users for logging and permission management.
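
The logging point in the last reply, as an added example that is not part of the thread: a small parser over sshd and sudo log lines showing that a direct root login leaves only a source address, while sudo records name the account behind each root command and each failed password prompt. The log lines, host name, addresses, fingerprints and user names are constructed, and the function name `attribute` is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines in the usual sshd / sudo syslog layout (not from the thread).
SAMPLE_LOG = """\
May  4 10:01:12 host sshd[811]: Accepted publickey for root from 192.0.2.10 port 50122 ssh2: ED25519 SHA256:EXAMPLEFINGERPRINTAAAA
May  4 10:05:40 host sshd[902]: Accepted publickey for alice from 192.0.2.11 port 50344 ssh2: ED25519 SHA256:EXAMPLEFINGERPRINTBBBB
May  4 10:06:02 host sudo:    alice : TTY=pts/1 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart nginx
May  4 10:09:30 host sshd[955]: Accepted publickey for bob from 192.0.2.12 port 50410 ssh2: ED25519 SHA256:EXAMPLEFINGERPRINTCCCC
May  4 10:10:15 host sudo:      bob : TTY=pts/2 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/apt upgrade
May  4 10:11:00 host sudo:      bob : 3 incorrect password attempts ; TTY=pts/2 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/cat /etc/shadow
"""

LOGIN_RE = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+)")
SUDO_RE = re.compile(
    r"sudo:\s+(\S+) : (.*?)TTY=\S+ ; PWD=\S+ ; USER=(\S+) ; COMMAND=(.*)$"
)


def attribute(log_text):
    """Return (direct root login sources, root commands per user, failed sudo per user)."""
    direct_root = []
    commands = defaultdict(list)
    failures = defaultdict(list)
    for line in log_text.splitlines():
        m = LOGIN_RE.search(line)
        if m:
            # A direct root session: nothing after this line says who typed what.
            if m.group(2) == "root":
                direct_root.append(m.group(3))
            continue
        m = SUDO_RE.search(line)
        if m and m.group(3) == "root":
            user, note, _target, cmd = m.groups()
            # sudo prefixes the record with a note when the password check failed.
            bucket = failures if "incorrect password" in note else commands
            bucket[user].append(cmd)
    return direct_root, dict(commands), dict(failures)


if __name__ == "__main__":
    roots, cmds, fails = attribute(SAMPLE_LOG)
    print("direct root logins from:", roots)
    print("root commands by account:", cmds)
    print("failed sudo attempts by account:", fails)
```
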