On Thu, 29 Jun 2023 at 23:42, Greg Wooledge <g...@wooledge.org> wrote:
> The answer to this is [...] just ssh in as root instead of nonroot + sudo. > > Some folks will scream that this is a bad idea, horrible practice, can't > do it, etc. These folks are idiots. Ssh can be configured to allow root > logins only when using key authentication. That's as secure as you could > ask for. Certainly it's at *least* as secure as throwing a password around > and using sudo and invoking layers of quoting hell. > Furthermore, ~root/.ssh/authorized_keys can be set up so that an ssh key only allows one particular command to be run. (Use multiple keys if you have multiple commands you want to run.) -Martin
