1

currently I'm actually having a security concern regarding acquiring root privilege on my server.

Current situation: I login using SSH to my server and I use my user account for this, this user account can also get root privilege with the same password.

Required situation: Login with the user, require a DIFFERENT password for root privilege.

Rmano
  • 31,947
TheLinuxNoob
  • 53
  • Why? I do not see any advantage. If you need a password to share with someone, simply create another account without sudo privilege. You can activate root login, then disable sudo privileges for your account and use plain su, but in my experience that is never a good idea. – Rmano Dec 07 '14 at 10:27
  • Well if one retrieves my account/password combination they can simply login and get root privileges with possibly bad consequences. As said, I'm relatively new to the ubuntu systems and it just doesn't seem like a good idea to have two identical password (one that also gives root privileges), but that's just my opinion. – TheLinuxNoob Dec 07 '14 at 11:09
  • You have exactly the same risk of someone hijiacking the root password, no? having two of them will not help. If you need to login from an insecure site without ssh (don't), you can set up an unprivileged user; it's safer. – Rmano Dec 07 '14 at 11:11
  • Yes, that is indeed true. Since I have OpenVPN running on this machine, would making SSH only accessible from this network make it more secure? – TheLinuxNoob Dec 07 '14 at 11:22
  • I recommend reading https://www.digitalocean.com/community/tutorials/how-to-protect-ssh-with-fail2ban-on-ubuntu-12-04 --- applies to 14.04 – Rmano Dec 07 '14 at 11:30
  • Oh wow, that is actually pretty nice! Thank you very much for your time in helping me. :) – TheLinuxNoob Dec 07 '14 at 11:37

0 Answers0