Linux: Is it possible to use the ssh key pair instead or in addition to the root privileges?

I'm facing the problem of securing an embedded platform. All ssh hardening have been setup, including 2 factor authentication and login with ssh key pairs.

Now, the root and user passwords are ridiculous easy to crack, all you need is physical access to the device, leaving all measures and precautions redundant. My idea is to harden the root access with the same techniques as ssh.(hardening the sudo command and root access) However while it is a common problem across all embedded platforms, I can't find much information on this.

How do I tackle this?

Solution 1:

I am not sure what exactly you are asking for so I'll take a guess and assume that you want to harden your sudo authentication.

If this is the case and sudo on your system supports PAM then have a look at pam_ssh_agent_auth for ssh public key authentication or at pam_sss_gss (which may require properly setup FreeIPA IdM).

GCP Terraform: Unable to set subnets to be advertised via BGP on cloud router

NTP Server is setup for ntp keys. How can we configure windows server to communicate to our time server using the keys?

Why is my DNS information replicating without Zone Transfers allowed?

NGINX: Is it possible to split the `location` configuration block into multiple blocks or even into files?

Hyper-V servers joined to a domain

Windows Server 2019 DataCenter: adding disks to the Storage Pool (with mirror accelerated parity) doesn't increase storage space?

How to check if dovecot's configuration is valid? (config file syntax)

Sending emails with SMTP Relay on Office 365 via Azure VM

How to add a firewall rule per country in google cloud?

Python3 correct way to import relative or absolute?

How I can stop an animated GIF in JavaFX?

Empty string instead of unmatched group error