Login with root?

,

hi!

i saw in the sshd_config file that root login is disabled for reasons i couldn’t understand.

now, there are cases where i need to transfer files from my machine to the server through sftp/filezilla and that would require a root access because i need to reach the directory /var/www/ .

is it safe and/or the best move to turn root login on for this reason only?
what are the potential risks i might encounter in the future?

It’s never recommanded to let root user remote connect to a public server (public = accessible on Internet).

To send files to /var/www/ use the dedicated user of every app.
E.g. connec with user my_app for /var/www/my_app/.

Or connect as admin an sudo

1 Like

Root is disabled on public internet ip, if you are on a local network you should be able to login with root with the local ip of your server (generally yunohost.local could be use).

Alternatively, you can create a ssh tunnel:

ssh admin@example.com -L 22:localhost:22

And configure Filezilla with this:

Host: localhost
port: 22
user: root

im currently asking for pelican which doesn’t have a dedicated user (as far as i understand).

doing that requires so many other extra passages tho, like changing directories ownership and such.

how does this change if i have setup a different port for my ssh?

I’m running Yunohost 11.0.11 which I installed a couple of weeks ago.

I’m curious about the discussion here, because root login is not disabled on my server. I was even able to SSH to the server as root on a WAN interface.

I don’t actually mind that it is so, since I’ve now disabled password login over SSH. But root is not disabled and su + the admin password for Yunohost gives me a root shell. So it seems admin and root share the same password.

I wonder if that was perhaps a quirk of that version?

Root login is enabled on the local network, see the comment at the end of /etc/ssh/sshd_config

Yes, that’s the expected behavior, though since 11.1 is released, we advise to get rid of the legacy admin user and user regular users instead, member of the “admins” group.

1 Like