How can I remove all privileges from a user except su?

Discussion in 'Linux' started by breckjensen, Oct 27, 2017.

  1. breckjensen

    breckjensen New Member

    Hi,
    I want a user X to log in via ssh-key, but after I have logged in I want to "su root".

    So if someone manages to steal my ssh key from my PC, the attacker would still need to find out the password for root.

    What privileges are there to remove so a user X can't do any harm to the system? I can think of sudo, chmod, passwd, iptables.

    But I don't know how to prevent the use of these commands. How do I totally shut down the user except for the command "su" and ssh?

    Please help!
    Thanks!
    I did not find the right solution on the internet.
    References:
    -https://www.linuxquestions.org/questions/linux-security-4/how-can-i-remove-all-privileges-from-a-user-except-su-4175615811/
    -animated videos
     
  2. David

    David Administrator
    Staff Member

    If you want to better protect access to the root console, you can start by defining the allowed networks from which you will be able to access the console. This can be done in "Admin > System > Console > SSH access control", or alternatively on your firewall. This will eliminate the possibility of access from networks you don't need.
    Obviously, as a next step, you can create a system user in the shell and set PermitRootLogin to No in the sshd_conf file.
    Then you will be able to log in remotely only through that non-root account, and then access the root console via "su -" with a password.
    A bottleneck is that we can push an updated sshd_conf within some further update, and that custom change will be overwritten.
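
Since the reply above notes that an update can overwrite the PermitRootLogin change, here is a drift check that can be run after each update. It is an added example, not part of the thread or of the product: the function names are hypothetical, the sample files are constructed, and OpenSSH sshd_config syntax is assumed.

```shell
#!/bin/sh
# Added example: detect whether the PermitRootLogin hardening is still in place.

# Print the effective *global* value of an sshd keyword from a config file.
# sshd keeps the first value it obtains for a keyword, keywords are
# case-insensitive, and anything after a Match line is conditional.
# Include files are not followed here (simplification).
sshd_global_value() {
    # $1 = keyword, $2 = path to the config file
    awk -v want="$1" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # comments and blank lines
        {
            sub(/^[ \t]+/, "")                  # strip leading indentation
            if ($0 ~ /^[A-Za-z]+[ \t]*=/)       # accept the "Keyword=value" form
                sub(/[ \t]*=[ \t]*/, " ")
            key = tolower($1)
            if (key == "match") exit            # end of the global section
            if (key == want) { print tolower($2); exit }
        }
    ' "$2"
}

# Return 0 only when root login is explicitly disabled in the global section.
audit_root_login() {
    # $1 = path to the config file
    value=$(sshd_global_value PermitRootLogin "$1")
    case "$value" in
        no) echo "OK: PermitRootLogin no"; return 0 ;;
        "") echo "DRIFT: PermitRootLogin not set globally, built-in default applies"; return 1 ;;
        *)  echo "DRIFT: PermitRootLogin $value"; return 1 ;;
    esac
}

# Constructed samples: the hardened file, then a replacement pushed by an
# update in which the directive survives only as a comment and in a Match block.
demo_dir=$(mktemp -d)
printf '%s\n' 'Port 22' 'permitrootlogin no' 'PermitRootLogin yes' > "$demo_dir/hardened"
printf '%s\n' 'Port 22' '#PermitRootLogin no' 'Match User backup' \
    '    PermitRootLogin no' > "$demo_dir/updated"
audit_root_login "$demo_dir/hardened"
audit_root_login "$demo_dir/updated"
rm -rf "$demo_dir"
```

On a live system, `sshd -T` prints the configuration the daemon actually resolves, including Include files, and is the authoritative check.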
     
