I saw in the sshd_config file that root login is disabled for reasons I couldn’t understand.
Now, there are cases where I need to transfer files from my machine to the server through sftp/filezilla and that would require root access because I need to reach the directory /var/www/ .
Is it safe and/or the best move to turn root login on for this reason only?
What are the potential risks I might encounter in the future?
It’s never recommended to let the root user connect remotely to a public server (public = accessible on the Internet).
To send files to /var/www/ use the dedicated user of every app.
E.g. connect with user
Or connect as
Root is disabled on public internet IP; if you are on a local network you should be able to log in as root with the local IP of your server (generally yunohost.local could be used).
Alternatively, you can create a ssh tunnel:
ssh firstname.lastname@example.org -L 22:localhost:22
And configure Filezilla with this:
I’m currently asking for pelican which doesn’t have a dedicated user (as far as I understand).
Doing that requires so many other extra passages tho, like changing directories ownership and such.
How does this change if I have set up a different port for my ssh?
I’m running Yunohost 11.0.11 which I installed a couple of weeks ago.
I’m curious about the discussion here, because root login is not disabled on my server. I was even able to SSH to the server as root on a WAN interface.
I don’t actually mind that it is so, since I’ve now disabled password login over SSH. But root is not disabled and su + the admin password for Yunohost gives me a root shell. So it seems root share the same password.
I wonder if that was perhaps a quirk of that version?
Root login is enabled on the local network, see the comment at the end of /etc/ssh/sshd_config
Yes, that’s the expected behavior, though since 11.1 is released, we advise to get rid of the legacy admin user and use regular users instead, members of the “admins” group.
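
Added example, not part of the thread and not YunoHost's own code: a small Python check that reads an sshd_config and reports which PermitRootLogin value applies to a given client address, covering the "disabled on public IP, enabled on local network" setup discussed above. The sample configuration is constructed for illustration, and only `Match Address` with CIDR lists and `Match all` are handled (an assumed simplification).

```python
import ipaddress

# Constructed sample, not copied from a real server: root login refused
# globally, allowed again for private address ranges by a Match block.
SAMPLE_CONFIG = """\
Port 22
PermitRootLogin no
PasswordAuthentication no

Match Address 192.168.0.0/16,10.0.0.0/8,172.16.0.0/12,fe80::/10
    PermitRootLogin yes
"""

def _address_matches(patterns, client_ip):
    """True if client_ip is in any CIDR of a comma-separated list.
    Simplification: wildcard and negated (!) patterns are not handled."""
    ip = ipaddress.ip_address(client_ip)
    for pattern in patterns.split(","):
        net = ipaddress.ip_network(pattern.strip(), strict=False)
        if ip.version == net.version and ip in net:
            return True
    return False

def effective_root_login(config_text, client_ip):
    """Return the PermitRootLogin value sshd would apply to client_ip."""
    global_value = None   # first value outside any Match block
    match_value = None    # first value inside a Match block that applies
    in_match = block_applies = False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()
        args = parts[1] if len(parts) > 1 else ""
        if keyword == "match":
            in_match = True
            fields = args.split(None, 1) + ["", ""]
            kind, value = fields[0].lower(), fields[1]
            block_applies = kind == "all" or (
                kind == "address" and _address_matches(value, client_ip))
        elif keyword == "permitrootlogin":
            if not in_match and global_value is None:
                global_value = args.lower()
            elif in_match and block_applies and match_value is None:
                match_value = args.lower()
    # A value from a matching Match block overrides the global one;
    # with neither set, OpenSSH's default is prohibit-password.
    return match_value or global_value or "prohibit-password"
```

On a live server, `sshd -T -C user=root,addr=<client address>` run as root prints the configuration sshd itself would apply to that connection and is the authoritative check.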