Linux – Why bother stopping ‘root’ from ssh login

Tags: linux, security, sudo

Best practice is to remove the ability of 'root' to log in over ssh. However, I need to run some Ansible commands and am currently connecting via a user called "amdhske", and have set this user up to not need to enter a password to do sudo; otherwise Ansible needs to keep the user's password hanging around.

So what is the point of disabling root access in this case? Any attacker who gets into the "amdhske" user account over ssh can then sudo the heck out of the server. I am guessing the only advantage here is that choosing a lengthy random username makes it highly unlikely an attacker would know about it, whereas 'root' is the default username for, well, 'root'. Is there any other reason?

Best Answer

Pretty easy. Two reasons:

  1. You can limit what you can sudo with no password with your user. You just enter the proper configuration in sudoers files:

    amdhske ALL=NOPASSWD: /usr/bin/somecommand
    

If you log in with root, then you have all the permissions to do anything.

  2. Every script kiddie on earth knows that your superuser account name is root. So what username do you think they are going to try to brute-force, etc. on your system? Right, root.

That is why it is a good security practice to disable root ssh login.
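
As an added example (not part of the answer above or of any project's code), this Python audit checks the two points the answer makes: whether sshd still accepts root logins, and whether any sudoers rule grants passwordless sudo for every command rather than a named one. The sample file contents, the `deploy` account and all function names are constructed for illustration.

```python
import re
# Constructed sample files (not taken from a real host).
SSHD_CONFIG = """\
Port 22
PermitRootLogin yes
"""
SUDOERS = """\
amdhske ALL=NOPASSWD: /usr/bin/somecommand
deploy  ALL=(ALL) NOPASSWD: ALL
%wheel  ALL=(ALL) ALL
"""

RULE = re.compile(r"^(?P<who>\S+)\s+(?P<host>[^=\s]+)\s*=\s*(?P<spec>.+)$")

def root_login_setting(sshd_text):
    """Return PermitRootLogin; sshd uses the first value it reads.
    Match blocks and Include files are not handled here."""
    for line in sshd_text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0].lower() == "permitrootlogin":
            return parts[1].lower()
    return "prohibit-password"  # OpenSSH default (7.0 and later) when unset

def unrestricted_nopasswd(sudoers_text):
    """Return users/groups whose rule is NOPASSWD for every command.
    Handles the simple 'who host=(runas) NOPASSWD: cmds' form only."""
    hits = []
    for line in sudoers_text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "Defaults")):
            continue
        m = RULE.match(line)
        if not m:
            continue
        spec = re.sub(r"^\([^)]*\)\s*", "", m["spec"])  # drop optional (runas)
        if spec.startswith("NOPASSWD:"):
            cmds = [c.strip() for c in spec[len("NOPASSWD:"):].split(",")]
            if "ALL" in cmds:
                hits.append(m["who"])
    return hits

def audit(sshd_text, sudoers_text):
    findings = []
    if root_login_setting(sshd_text) == "yes":
        findings.append("sshd: PermitRootLogin yes")
    findings += [f"sudoers: {w} has NOPASSWD: ALL"
                 for w in unrestricted_nopasswd(sudoers_text)]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SSHD_CONFIG, SUDOERS)))
```

On a real host, `sshd -T` prints the effective sshd settings and `visudo -c` checks sudoers syntax. Ansible's documentation notes that privilege escalation permissions cannot be limited to certain commands, so a per-command NOPASSWD rule like the one in the answer generally does not fit Ansible's `become`.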
