Why shouldn't root be allowed to login via ssh?

why should root access be disabled for ssh? I always hear that's for security reasons. But I don't get it. What's different to login as non-root and then sudo su -? What's the preferred way to handle tasks that need privileged permissions?

Thanks

Thomas

Solution 1:

Sudo is the preferred way for when you need to delegate admin tasks because of its auditability and rich granularity. Sudo allows all commands to be logged and allows for the adminstrator to setup up different sudo profiles for individuals or groups.

su or root access is all or nothing

Solution 2:

Root is the one account guaranteed to be on and enabled on every single unix machine, so it's a no-brainer to pick it to attempt to brute-force the password. Without external tools (wrappers that kill obvious scanners, Intruder Prevention Devices, that kind of thing) it's only a matter of time before the password is figured out. Even with external tools preventing this kind of behavior, it's still a good idea to force incoming users to log in as a normal user and then su/sudo/pfexec up to enhanced privs. Yes, it is an extra step, and that means you'll have to create user accounts on machines that are shared between root-users, but it's another barrier between an attacker and unrestricted control of the box.

Solution 3:

The main difference is that the attacker has to guess the username too. If you let root to log in, then he just has to guess the password.

Also he can spoof a login of a user getting the ssh key or re-sending the data using the man-in-the-middle approach and he may log into the system without having to type the password. But if he logs in as a user, he has to sudo-ize commands and thus he is forced to type the password manually. If he were logged as a root, he does not need to sudo-ize things, so is one less security step.