Sae5waip's comments

Did you ever stop and think about this or are you just repeating something you read on "Hacker""news"?

Getting by /without/ direct SSH root access is often impractical (think about scp), and without-password is a secure way to have it.

Also, the more people know about "without-password", the less people will set PermitRootLogin to "yes".


Requiring admins to ssh to a different, unique-to-them, user, and use sudo from there for any operations requiring root is much better.

It's far easier to audit what's been done to the server, which is important not just for compliance but also for figuring out why something's broken suddenly.

It also means that you get to have your own shell history, your own shell settings, your own vim settings, etc, etc.

In general, having proper deployment, log collection and config management tools in place tends to mean you rarely need to scp files around at all - and the cases when you do, you can work around this by scping them to some other dir, and moving them locally with a sudo command.


...which is fine up until someone forgets to use visudo and buggers up the sudoers file so nobody can get back in to fix it.

A user login followed by su to root is a valid alternative, but I wouldn't have a problem with allowing key-only root access via sshd either.

You'd want the root key/password to be very tightly controlled for the reasons you mention, but having it set is (IMO) a worthwhile backup plan for when things go wrong.


Why do you need root access for scp? Just scp the file as a regular user and then use sudo to copy it into place.


tl;dr: "disallow root login entirely, everything else is bad" is cargo culting.

I said "impractical", not "impossible". Of course I can use sudo. But it's more work. I require root access a lot. It adds up quickly.[2]

And I hate typing passwords/passphrases. In fact, many of my passwords I can't remember. I've got an SSH agent for that, which reduces passphrase entry to yes/no (tab-space/space, actually).[1]

Also, I prefer my normal user account not to be a sudoer at all.

Besides, please consider that disallowing root access actually only gets you protection against root password guessing anyway. The "stolen key + passphrase" scenario in a sibling subthread is so absurd I felt the urge to bang my head against my desk. Sudo won't help you there either.

[1] Now please don't suggest "passwordless sudo".

[2] And there is another inelegance: /home is usually on a different partition than /, so your way will involve an additional copy. If /home is even large enough to fit that file.


[1] Why shouldn't I suggest it? Apparently it's obvious, so it would be nice to share.

[2] I'm not sure where you get that /home and / are usually on different partitions. There's usually the same partition on machines I've administered. But if that is the case, you can find/create a suitable folder on the same partition (/var/tmp/ comes to mind).

I understand you didn't say impossible, but this doesn't really seem to be impractical to me at all.


@Passwordless sudo: Because then you have effectively made your user root, and compromising your user account is enough to get root access immediately. If you do that, then why have a separate user at all?[3]

@Partitions: Separating /home and / prevents normal users from filling up /. (And if you put both on LVM, you can grow them as needed.) Yes, I've only had this on some of the servers I've run.

@Impractical: it's one additional command for something I do quite often[4], and I still don't see the benefit (reminder: I fully agree with never using "PermitRootLogin yes").

[3] Granted, it does provide some context separation in the sense that if you want to perform an administrative task, you have to explicitly use sudo. But it doesn't increase security, and it offers no advantage over "direct root access + normal user account".

[4] Not just scp, but also things like "less /var/log/messages" or "git clone root@host:/etc".

And again: what does "PermitRootLogin no" gain you over "without-password"? Why restrict it for no additional benefit?


I'm not really on one side of the argument or the other, but disabling root login means that an attacker doesn't automatically know the name of an account where login is permitted for one. Certainly not the best security mechanism, but if there happened to be some 0-day on the SSH server, you're much more likely to be safe from automated attacks.


Automated 0-day attack: fair point.

Though direct remote code execution is probably much, much more likely than authentication bypass.


Because then root login would be disabled entirely. With "without-password" SSH-key based login is still possible (and no, that's not much of a security risk).


Is it really much harder to leak a private key than a passphrase? (It's obviously harder, but not sure whether the difference is significant.)

While one can't peek from behind your shoulder, if they got a keylogger on your machine, they could steal ~/.ssh/id_* files as well (and sniff their security passphrases too).


Brute-forcing a key is pretty much impossible and people - despite all advice - still use short and insecure passwords. Certainly a machine that does not allow root login at all is better than a machine with key-based root login, but a machine with key-based root login is better than password based root login. The perfect is the enemy of the good here.
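
An added example, not part of any comment above and not OpenSSH code: a small Python check that reports which of the PermitRootLogin values debated in this thread an sshd_config actually selects. It assumes the documented sshd_config rule that the first value obtained for a keyword is used, lists values after a Match line as conditional overrides, does not follow Include directives, and runs on a constructed sample config.

```python
VERDICTS = {  # wording of the verdicts is this example's own
    "yes": "root may log in with a password",
    "without-password": "no password login for root (older name of prohibit-password)",
    "prohibit-password": "no password login for root, keys still accepted",
    "forced-commands-only": "root only by key, and only with a forced command",
    "no": "root login disabled",
}

def parse_permit_root_login(config_text):
    """Return (global_value, [(match_criteria, value), ...])."""
    global_value, overrides, match = None, [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        parts = line.replace("=", " ", 1).split(None, 1)  # "Key value" or "Key=value"
        keyword = parts[0].lower()  # keywords are case-insensitive
        arg = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if keyword == "match":
            match = arg  # following lines are conditional
        elif keyword == "permitrootlogin":
            value = arg.lower()  # lower-cased for the table lookup
            if match is not None:
                overrides.append((match, value))
            elif global_value is None:  # first obtained value is used
                global_value = value
    return global_value, overrides

def audit(config_text):
    value, overrides = parse_permit_root_login(config_text)
    if value is None:
        findings = ["global: unset, the default of the installed sshd applies"]
    else:
        findings = ["global: %s -> %s" % (value, VERDICTS.get(value, "unrecognised"))]
    for criteria, v in overrides:
        findings.append("Match %s: %s -> %s" % (criteria, v, VERDICTS.get(v, "unrecognised")))
    return findings

# Constructed sample: the later global "yes" is ignored, the Match one is not.
SAMPLE = """\
PermitRootLogin without-password
PasswordAuthentication no
PermitRootLogin yes
Match Address 192.0.2.0/24
    PermitRootLogin yes
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

On a live host, `sshd -T` prints the configuration the daemon has actually resolved and is the authoritative check.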


Electrically powered multicopters can carry DSLRs quite easily. If it's supposed to carry expensive equipment, you'll want to use a hexa- or octocopter though.

Of course multicopter flight times, especially with payloads, are problematic.


Wikipedia is an encyclopedia, not a company index.


I don't. So is mine, but resizing it for each individual website is unnecessary work. And some websites have a legitimate need for a wider format, so you can't even say "all websites should be like this".


Anyone want to host their mission critical project with a team so small that individual employees have to be on call 24/7?

If the company requires more than what can be done in a 40-hour work week, it should hire more employees.


That's precisely why you only use subkeys in daily life and only use the root key for keysigning (and ideally store it safely and offline).


That maybe nghst should take a step back from HN and consider that normal people may find the original 2048 fun and may not care about its variants at all.

Giving an example is a perfectly valid way to make a point. Circumstantial doesn't mean wrong.


It's you. Linux has followed a bi-monthly schedule for quite a while now.

FYI: https://en.wikipedia.org/wiki/Linux_kernel#Maintenance


While this is true, I have the same feeling as jmnicolas since Linus released version 3. I guess it's because of the new release numbering scheme. Let's not forget that we had 2.6 for close to 8 years!


I see more posts about it in Hacker News and Reddit, but other than that nothing much has changed since 3.0 regarding version numbering and scheduling and that was in 2011.


Unfortunately, I have a huge problem with a foreign country - the USA - spying on my country and me.


Do you support your country conducting their own foreign intelligence?


Being German I'd argue that a problem is that Germany relies on the US to conduct intelligence for them and hence ignores the fact that the NSA is violating the rights of its citizens on a massive scale.


No, BND does a lot of intelligence work as well... weren't you paying attention to the Snowden leaks?


No, I don't.

I could understand it for a country doing it for its direct adversaries (e.g. India and Pakistan and vice versa). That's what it has historically been connected to in any case.

I especially don't want a 10000-pound gorilla country with a constant history of war, imperialism and a racist feeling of "we are the chosen country of God and a great experiment" doing it globally and using it for economic and military control.

So, no, I don't like Germany doing it. Or France. Or UK. Or China. Or Japan. And especially I don't like the big kahuna doing it.


No, I don't.

a) We (my country and the US) are allies.

b) I may be less not ok with spying on high-ranking politicians. But any spying on companies and normal citizens is right out.

