SSH Root Key: Security Risks & Alternatives

TL;DR

Creating an SSH key directly for the root user is generally a bad idea from a cyber security perspective. It significantly increases the risk if that key is compromised, as it grants full system access. Use a normal user account with sudo instead.

Why Root SSH Keys Are Risky

The root account has unrestricted power on your Linux or macOS system. If an attacker gains access to the private part of a root SSH key, they have complete control. Here’s why it’s problematic:

• Increased Attack Surface: A dedicated root key is another potential target for attackers.
• Audit Difficulty: It makes tracking who did what on the system harder – everything looks like it came from root.
• Key Compromise Impact: If the key gets stolen (e.g., through a compromised laptop or insecure storage), your entire server is at risk.

How to Avoid Using Root SSH Keys

Here’s how to set up secure SSH access without directly using a root key:

1. Create a Normal User Account

1. Log in as an existing user with sudo privileges (or log in as root initially, but follow the remaining steps to create a normal user).
2. Use the useradd command to create a new user:

sudo useradd -m -s /bin/bash yourusername

Replace yourusername with the desired username.

2. Set a strong password for the new user:

sudo passwd yourusername

2. Generate an SSH Key Pair for the New User

3. Log in as the newly created user (e.g., using su - yourusername or a new terminal session).
4. Generate an SSH key pair:

ssh-keygen -t rsa -b 4096

Accept the default file location (~/.ssh/id_rsa) and consider using a passphrase for extra security.

3. Copy the Public Key to the Server

4. Copy your public key (usually ~/.ssh/id_rsa.pub) to the server’s authorized_keys file for the user. There are several ways to do this:
   • ssh-copy-id: The easiest method if you have password access.

     ssh-copy-id yourusername@yourserverip

   • Manual Copy: Use scp to copy the file, then log in via SSH and append it to ~/.ssh/authorized_keys.

4. Configure Sudo Access

5. Edit the sudoers file using visudo (very important: use visudo to avoid syntax errors):

   sudo visudo

6. Add a line allowing your user to run all commands with sudo. For example:

   yourusername ALL=(ALL:ALL) ALL

7. Save and close the file.

5. Disable Root SSH Login (Recommended)

6. Edit the sshd_config file:

   sudo nano /etc/ssh/sshd_config

7. Find the line PermitRootLogin yes and change it to PermitRootLogin no.
8. Restart the SSH service:

   sudo systemctl restart sshd

Summary

Using a normal user account with sudo and disabling root SSH login is a much more secure approach than creating an SSH key directly for the root user. It limits the impact of potential security breaches and improves system auditing.