On a server I have a public key auth only for root account. Is there any point of logging in with a different account?

  • JasonDJ@lemmy.zip
    0·
    2 days ago

    Nah just set up PAM to use TOTP or a third party MFA service to send a push to your phone for sudo privs.

      • 4am@lemm.ee
        0·
        2 days ago

        Then you can’t gain root privileges on your server. Are you really arguing for less security because it’s inconvenient?

        This is end-user behavior and it’s honestly embarrassing. You should realize your security posture is much more important than “I left my phone on the other room”

        • miss_demeanour@lemmy.dbzer0.comEnglish
          0·
          2 days ago

          ffs…am I dealing with children here?
          You’ve accessed your server as a user, and then you su - to root.
          You don’t need a phone or a yubi or a dreamcatcher, or a unicorn.
          Please stop with your pretension.
          You’re so far out of your league that it’s embarrassing to me that I’ve bothered to answer.

          • JasonDJ@lemmy.zip
            0·
            11 hours ago

            There must at least be MFA somewhere on the path then.

            Even just keys, I wouldn’t trust, unless they are stored on smartcards or some other physical “something I have”, require a PIN/passphrase. and centrally managed so they can be revoked and rotated. Too many people use unprotected SSH keys.

        • slothrop@lemmy.caEnglish
          0·
          2 days ago

          This thread is embarrassing,
          The person you’re responding to could wipe your ass with a cli.

      • JasonDJ@lemmy.zip
        0·
        2 days ago

        I…I don’t understand the question.

        Also, yubikey or any other token. Plenty of MFA options compatible with sudo.