
Why don't they disable root logins with password period and only allow SSH key authentication?

Also, if you put a passphrase on your SSH key, does that mean you have to enter it every time you want to SSH to the server (in order to unlock the key), or does it stay cached on most SSH clients (ssh on Mac terminal, PuTTY on Windows, etc.)?

Isn't watching failed logins kind of useless? I think it is more important to see what successful logins were made.




They do, don't they? Later down there is a section "Enforce ssh key logins". However, that makes activating the root account even stranger.

The thing with the ssh key passphrase doesn't make much sense to me. I think this is just about "keep your private key safe". On Linux, passwords like this (like gpg) get cached by the usual password input clients.

You are right about watching the successful logins first. He writes it is to raise awareness.


If you put a passphrase on your ssh key you only have to enter it when you initially add it to your ssh-agent.


Yes, ssh-agent will let you enter the password once, and then it won't prompt you anymore.

(see https://help.github.com/articles/working-with-ssh-key-passph... )


> Isn't watching failed logins kind of useless? I think it is more important to see what successful logins were made.

Are you talking about Fail2Ban? I'm not an expert but my guess is that it's defense in depth. Rate limiting failed logins is useful in the case where you messed up somewhere else and have a service/login that is vulnerable to password guessing.

I would imagine that auditing successful logins is definitely useful but was left out of the guide for brevity.
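On the point about auditing successful logins rather than only failed ones, here is an added example (not from the thread or the linked guide): a small Python parser over constructed auth.log-style sshd lines that lists accepted logins and flags the ones a hardened sshd_config (root login and password authentication disabled) should never produce. Log format, hostnames and addresses are assumed/constructed.

```python
"""Audit successful SSH logins from sshd log lines (added example, not from the thread).

Assumes the standard OpenSSH syslog format, e.g.
  "Accepted publickey for alice from 203.0.113.5 port 51234 ssh2: ED25519 SHA256:..."
The sample lines below are constructed for illustration.
"""
import re
from collections import Counter

# Constructed sample of /var/log/auth.log lines (syslog prefix + sshd message).
SAMPLE_LOG = """\
Mar  3 10:01:12 web1 sshd[2231]: Accepted publickey for alice from 203.0.113.5 port 51234 ssh2: ED25519 SHA256:abc
Mar  3 10:02:40 web1 sshd[2240]: Failed password for root from 198.51.100.7 port 40001 ssh2
Mar  3 10:02:41 web1 sshd[2240]: Failed password for root from 198.51.100.7 port 40001 ssh2
Mar  3 10:05:03 web1 sshd[2255]: Accepted password for root from 198.51.100.7 port 40077 ssh2
Mar  3 10:07:19 web1 sshd[2260]: Accepted publickey for bob from 203.0.113.9 port 52000 ssh2: RSA SHA256:def
"""

# Only "Accepted ..." lines matter here; "Failed ..." lines are fail2ban's job.
ACCEPTED_RE = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\w+) for (?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+)"
)

def parse_accepted(log_text):
    """Return a list of dicts (method, user, ip, port), one per successful login."""
    logins = []
    for line in log_text.splitlines():
        m = ACCEPTED_RE.search(line)
        if m:
            logins.append(m.groupdict())
    return logins

def summarize(logins):
    """Count successful logins per (user, method, source ip)."""
    return Counter((l["user"], l["method"], l["ip"]) for l in logins)

def risky_logins(logins):
    """Flag logins that a hardened sshd_config (PermitRootLogin no,
    PasswordAuthentication no) should never produce: any password login
    or any login as root. Seeing one means the hardening is not in effect."""
    return [l for l in logins if l["method"] == "password" or l["user"] == "root"]

if __name__ == "__main__":
    found = parse_accepted(SAMPLE_LOG)
    for key, n in summarize(found).items():
        print(key, n)
    for l in risky_logins(found):
        print("ALERT: %(method)s login as %(user)s from %(ip)s" % l)
```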



