On a server I have a public key auth only for root account. Is there any point of logging in with a different account?

  • forbiddenlake@lemmy.world
    link
    fedilink
    English
    arrow-up
    10
    ·
    2 months ago

    The client has the private key, the server has the corresponding public key in its authorized keys file.

    The server is vulnerable to the private key getting stolen from the client.

    • BCsven@lemmy.ca
      link
      fedilink
      arrow-up
      1
      ·
      2 months ago

      For ssh they both have private and public keys. The server could be at risk of having it’s own private key compromised if somebody breaks in, and vice versa a compromised client can lose its private key. The original wording made it sound like a compromised server would steal client keys.

      Also passworded keys are recommended