- Given that I’m the only human who should have access to a Linux server, what are the major security risks associated with updating
sudoto not require a password for my local user? - Are there other ways of making
sudoless cumbersome without running everything asroot?- I’ve already increased the timeout so I don’t have to enter my password very often per session, but for other reasons I end up disconnecting several times per day.
I have a Linux server (hosted on DigitalOcean) running a fairly popular website.
My normal process is:
- SSH into the server as
michael(uses my SSH key with I’ve already added to my ssh-agent) - When I need to run something as
root(to restart a service, edit cron jobs forwww-data, etc):- I use
sudo [cmd], which requiresmichael‘s password - I copy that password (a long random string) from my password manager and paste it into the terminal
- I use
One of my colleagues says they don’t bother with a regular user account — they always SSH as root. I’d rather NOT do that — I like knowing that I won’t accidentally cause serious problems unless I use sudo.
It would be nice, since I’m the only human who logs into this server, to SSH as a regular user but still not have to enter a password to run something as the superuser — without substantially increasing risk.
