Root Login with Public Key?

tbutler

For as long as I can remember, I've disabled direct root login and required logging into a wheel group user first. But I've been thinking about installing an SSH key for root login; from a security standpoint, is there any downside to this over what I've been doing? In theory, it seems to me, if I'm only allowing key-based authentication, a direct root login shouldn't be inherently insecure. Am I thinking correctly?
 

cPRex

Staff member
Hey hey! You'll likely get mixed opinions on this. If for some reason the key gets compromised then they'd have direct root access, but what are the odds of that? I'm a fan of changing the SSH port, so any automated tools that are trying to log in can't even see the service running.
 

quietFinn

I have changed the SSH port, direct root login over SSH is disabled, and there is only one user in the wheel group, so that user can su to root; that user has keys to log in, and if that does not work, can log in with a (VERY long) password.
If, for example, cPanel support needs to log in, I create a user for that and add it to the wheel group, AND remove it and change the (VERY long) root password when the work is done.
I use RoboForm password manager so I only need to remember one password.
 
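To compare the setups discussed in this thread, here is an added example (not posted by any participant, and not cPanel's code) that reads `sshd_config` text and reports which methods let root log in directly. It assumes upstream OpenSSH defaults, models only public-key and password authentication, and ignores `Match` blocks; the sample configs and port 2222 are constructed.

```python
# Added example (not from the thread). Sample configs below are constructed.
# On a live host, `sshd -T` prints the effective settings instead.
DEFAULTS = {"port": "22", "permitrootlogin": "prohibit-password",
            "passwordauthentication": "yes", "pubkeyauthentication": "yes"}

def effective(config_text):
    """Global section only. sshd keeps the FIRST value it sees per keyword."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) < 2:
            continue
        key, value = parts[0].lower(), parts[1].strip().strip('"')
        if key == "match":
            break  # conditional Match blocks are not modelled here
        seen.setdefault(key, value)
    return {**DEFAULTS, **seen}

def root_posture(config_text):
    """Which methods let root log in directly, and can other users use passwords?"""
    s = effective(config_text)
    keys = s["pubkeyauthentication"] == "yes"
    passwords = s["passwordauthentication"] == "yes"
    mode = s["permitrootlogin"]
    if mode == "without-password":      # deprecated alias
        mode = "prohibit-password"
    if mode not in ("yes", "no", "prohibit-password", "forced-commands-only"):
        raise ValueError(f"unknown PermitRootLogin value: {mode!r}")
    root = []
    if mode != "no" and keys:
        root.append("publickey")        # forced-commands-only also needs a key
    if mode == "yes" and passwords:
        root.append("password")
    return {"port": int(s["port"]), "root_direct": root,
            "others_password": passwords}

# Constructed samples for the setups discussed in the thread.
WHEEL_FIRST = "Port 2222\nPermitRootLogin no\n"  # root via su; password fallback kept
ROOT_KEY_ONLY = "PermitRootLogin prohibit-password\nPasswordAuthentication no\n"
SHADOWED = "PermitRootLogin yes\n# hardening appended later:\nPermitRootLogin no\n"

if __name__ == "__main__":
    for name in ("WHEEL_FIRST", "ROOT_KEY_ONLY", "SHADOWED"):
        print(name, root_posture(globals()[name]))
```

The `SHADOWED` sample shows the failure mode worth checking for: a `PermitRootLogin no` appended below an earlier `PermitRootLogin yes` has no effect, because the first value wins.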