Server Fault is a question and answer site for system and network administrators. It only takes a minute to sign up.
Sign up to join this community
Is it a good idea to set the SSH key directly for the root user for administrative access to a server?
Or is it better to use another user for SSH access via SSH key, followed by sudo command?
Is the answer different if the server is publicly accessible via SSH over the Internet or only on the internal network?
The question is : Is it a good idea to set the SSH key directly for the root user for administrative access to a server?
Clarify the things first:
1.) Linux tech books start with the line like : do not operate as root on your Linux OS. Considering this you do not need a key to log in as root because you do not need to log in as a root.
but...
2.) If you want to log in as a root to a Linux system remotely absolutely good idea not to use password but SSH key.
3.) Nevertheless the best solution converges to login as privileged user (member of the wheel that is sudoer) group, force to use SSH key to log in and use sudo command instead of being root user.
here is a pretty good article about security concerns about SSH : https://www.venafi.com/blog/best-practices-ssh-key-management-what-are-your-ssh-security-risks
The answer for local and internet access is the same.
In my opinion do not an directly root login to the server, same for local or internet access.
On the internet you have more risks, than on a local network.
Use always the private/public key concept!
Check for other security concepts!
Check this post also: @Todd A. Jacobs
You should also consider the security trade-offs inherent in any control you decide on. All controls require trade-offs in architectural and system security, as well as convenience and usability. Controls around SSH are no different in that regard.
Create a non root user for the access.
You can also jailed this user, to limit what he can do.
An other question is what you wanna do on the remote machine.
You can strict/jailed commands too, so you can do only a view thinks.
And you can create different user for different actions/commands on the remote machine.
Do not permit remote direct logins for root at all.
(Since the root user always exists an attacker does not need to guess that username and directly start guessing passwords.)
In /etc/ssh/sshd_config set
PermitRootLogin no
Set up an additional non-privileged user and they can use:
su - root followed by the root passwordsudo -i followed by their own personal passwordto elevate their privileges and become root.
Ideally, require key based authentication for all users and completely disable password for everybody. In /etc/ssh/sshd_config set
PasswordAuthentication no
When you can't set PasswordAuthentication no for all users and PermitRootLogin no is also impossible you can use the Match directive to selectively disable password authentication for root.
In /etc/ssh/sshd_config set at the end add:
Match User root
PasswordAuthentication no
