Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> So log in as root and fix the issue. Simple.

Except you can't ssh in as root any more. You have to ssh as a normal user then sudo in. Which may not be possible.

A paid on call admin may not mind driving to the data center too much. Everyone else would.



sshd runs as root, so yes, it will be possible to login as any user -- the sshd daemon will be able to function. :-)

The only files that would be appended to on user login (by sshd, which is running as root) would be /var/log/{utmp,wtmp,btmp} to record the login (in practice I've only seen wtmp). After that you have sshd logging (e.g. /var/log/{messages,syslog,auth.log}) which is picked up by syslog-ng or its equivalents, which also run as root.

Regarding not being able to login via SSH as root by default: the sshd_config default is actually `PermitRootLogin prohibit-password` which means you can login if you use public-key cryptography, it just won't allow you to login with the root password (even if it's correct.) It's good practice these days to use public keys for SSH anyway, so I wouldn't say this is much of a setback.


Logging in as the user loads the user's shell, shell config files etc. As that user. Only then you can go to being root... if you can.

As for keys, they're fine if you only ever use the same machine. Which may not happen in an emergency.


You can login as root at the console on many providers. Even where not allowed (eg. AWS) you can mount the volume on another instance and clean it up from there.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: