Don't login as root warning

On a clean install of buster I installed the latest sympl but get:

ssh sympl@xxx.xxx
Please login as the user “debian” rather than the user “root”.
Connection to xxx.xxx closed

cat /home/sympl/authorized_keys

no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command=“echo ‘Please login as the user “debian” rather than the user “root”.’;echo;sleep 10” … sha-etc

I removed up to the … and all is well, but is that right?

I would expect to see something like this in the ssh config, never the authorized_keys file.

Interesting…

You can put things like that in authorized_keys to prevent people running anything other than specified in the line, and locking down access for that key.

I’ll log an issue and have a look at adjusting how the authorized_keys gets copied over from the root user.

@aye_philip Welcome to the forum! Out of interest, and if someone else comes across it, which host was that server with?

Oh, that’s a feature that I wasn’t aware of. I’ll read up on that at some point.

Thanks

Thanks guys.

The micro vm is at brightbox …

I’ve had a good think about this, and there’s not really an effective way of doing this without potentially reducing security.

For example, if a key was used only for some level of management, and restricted to running one command as root, then allowing it to run anything as the Sympl user has some significant potential issues.

For that reason, I’m going to keep it as it is, but as the authorized_keys setup isn’t something standard (for a fresh Debian install), then it’s probably worth someone from Brightbox adding an install guide or similar to the wiki, or contributing a specific fix to the repo.

Issue 260 was opened for this, which I’m going to close for now.
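
The concern discussed in this thread, as an added example that is not part of the original posts or of Sympl's own code: a small audit that lists which authorized_keys entries carry restricting options such as a forced command, so they can be reviewed before a key file is reused for another account. The function names and the sample key material are constructed for illustration; the option names are those documented in sshd(8).

```python
KEY_PREFIXES = ("ssh-", "ecdsa-sha2-", "sk-")   # line starts with a key type: no options
RESTRICTING = {"command", "restrict", "no-pty", "no-port-forwarding",
               "no-agent-forwarding", "no-x11-forwarding", "from"}

def parse_line(line):
    """Split one line into (options dict, key text); None for blanks and comments."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    if line.startswith(KEY_PREFIXES):
        return {}, line
    fields, cur, quoted, i = [], "", False, 0
    while i < len(line):
        ch = line[i]
        if quoted and ch == "\\" and line[i + 1:i + 2] == '"':
            cur, i = cur + '"', i + 2           # \" inside a quoted value
            continue
        if ch == '"':
            quoted = not quoted                 # quotes delimit, they are not kept
        elif ch == "," and not quoted:
            fields.append(cur)
            cur = ""
        elif ch in " \t" and not quoted:
            break                               # first unquoted space ends the options
        else:
            cur += ch
        i += 1
    fields.append(cur)
    opts = {}
    for field in fields:
        name, _, value = field.partition("=")
        opts[name.lower()] = value              # option names are case-insensitive
    return opts, line[i:].strip()

def restricted_entries(text):
    """Return [(line_no, restricting option names, forced command or None)]."""
    found = []
    for n, line in enumerate(text.splitlines(), 1):
        parsed = parse_line(line)
        hits = RESTRICTING & set(parsed[0]) if parsed else set()
        if hits:
            found.append((n, sorted(hits), parsed[0].get("command")))
    return found

# Constructed sample: the key blobs are placeholders, not real keys.
SAMPLE = '''# copied from the root user
no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command="echo 'Please login as the user \\"debian\\" rather than the user \\"root\\".';echo;sleep 10" ssh-rsa AAAAEXAMPLE admin@example
ssh-ed25519 AAAAEXAMPLE2 other@example
'''
```

Calling `restricted_entries(SAMPLE)` reports only line 2, with its forced command and the three forwarding restrictions; the unrestricted ed25519 entry is not listed.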