I just turn on every security thing in sshd_config, disable root password, and use root with my ssh key
I'm way too lazy for sudo su
That works. As I said, there is no perfect answer and I will not argue with those who follow different practices. If it works for you and your security configuration is satisfactory, who can argue with that?
I do not allow root login over SSH. If I want root, I must log in using the unprivileged and essentially unused remote SSH account. I can "su" to the admin account from it, and "sudo" from the admin account if I want superuser (root) privileges. Yes, two additional steps after login, but it has kept my systems safe for a long time.
I edit the default SSH configuration file with the following changes:
Port - change the SSH port away from 22. This is less for security and more to avoid the logging activity from all the bots and script kiddies that hammer port 22. Keep in mind that there are security considerations between choosing an available well-known port lower than 1024 and a higher random port.
PermitRootLogin no
PasswordAuthentication no - I use public key authentication only. Quick, easy, secure when done right, no password required.
AllowUsers unprivileged-SSH-only-account - After logging in, you find yourself with nothing interesting. You must "su" to whichever account has your work. Another layer of defense, that's all.
I use "visudo" to modify the sudoers list. The admin account is the only account that I enable for sudo. I give it full privileges "adminaccount ALL=(ALL) ALL", but others may be more restrictive. You are not required to use "visudo", but it is recommended for editing the sudoers list. For those who do not like "vi", I noticed that the latest distros open visudo in nano instead of vi. There are other ways that people configure sudo access such as using group privileges.
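Added example, not part of the original post: a small Python audit that checks sshd_config text against the four settings listed above, following sshd's rule that the first value read for a keyword is the one used. The sample configuration and the "backup" user are constructed for illustration.

```python
# Added example: audit sshd_config text against the settings in the post.
MULTI = {"port", "allowusers"}  # keywords whose values accumulate across lines
WANT = {"permitrootlogin": "no", "passwordauthentication": "no"}

def parse_global(text):
    """Return {lowercased keyword: [arguments]} for the global section only."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, *args = line.split()
        key = key.lower()  # sshd keywords are case-insensitive
        if key == "match":
            break  # lines after Match are conditional overrides, not global
        if key in MULTI:
            conf.setdefault(key, []).extend(args)
        elif key not in conf:
            conf[key] = args  # sshd uses the first value it reads
    return conf

def audit(text):
    """List every deviation from the post's configuration."""
    conf = parse_global(text)
    findings = []
    for key, want in WANT.items():
        got = (conf.get(key) or ["<unset>"])[0].lower()
        if got != want:
            findings.append(f"{key} is {got}, expected {want}")
    if not conf.get("allowusers"):
        findings.append("allowusers is unset")
    if "22" in conf.get("port", ["22"]):
        findings.append("port 22 in use")
    return findings

# Constructed sample: the later "PermitRootLogin no" never takes effect.
SAMPLE = """\
Port 2222
PermitRootLogin prohibit-password
PermitRootLogin no
PasswordAuthentication no
Match User backup
    PasswordAuthentication yes
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```

Feeding it the output of `sshd -T` instead of the raw file audits the effective configuration, including anything pulled in from other files.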
Comments
Thanks for sharing the same... my comment was more on a sarcastic note than serious one... 🙃