Why should you use sudo?

0
Shares
0
0
0
0
0
0
Table of Contents
  1. Introduction
  2. What’s sudo?
  3. Everyone Loves sudo!
  4. Why did the use “sudo” trend start?
  5. Other Security Best Practicies to Consider aside from utilizing “sudo”
    1. Stop allowing password-based root logins via SSH!
    2. Say no to root logins via SSH
    3. Linux flavours don’t do sudo correctly
    4. Cloud Providers are doing it wrong, kinda.
    5. Bastion Hosts FTW (For the Win)!
  6. What are some good reasons to use sudo?
    1. Auditing is easily turned on for sudo
    2. Automated deployments + Restricting Access
  7. What do I think?
  8. Changelog

Content Error or Suggest an Edit

Notice a grammatical error or technical inaccuracy? Let us know; we will give you credit!

Introduction

There was a question on the popular GridPane Facebook Group asking about login in as the system user for each site when setting up cronjobs. The discussion then proceeded to use sudo versus logging in as root.

What’s sudo?

Here’s a good explanation from the first return on google.com when searching “sudo”

Sudo is a command-line utility for Unix and Unix-based operating systems such as Linux and macOS. The utility provides an efficient way to temporarily grant users or user groups privileged access to system resources so that they can run commands that they cannot run under their regular accounts.

https://www.techtarget.com/searchsecurity/definition/sudo-superuser-do#:~:text=Sudo%20is%20a%20command%2Dline,run%20under%20their%20regular%20accounts.

Here’s a quick interview with the person who invented sudo

Everyone Loves sudo!

You’ll find that a majority of guides will provide most commands with sudo prefixed to them. Why? The idea is that it’s more secure, but in reality, the original reasoning for sudo was simply to allow more than one person to have root access to a machine that was used by multiple staff to run jobs.

Why did the use “sudo” trend start?

But let’s talk about why this trend started happening. There was a time when you would install a flavour of Linux and set a root password. You’d then log in to the server with the root password and do what you needed to do. This was insecure; by default, this allows root logins via SSH with a password. If that password was compromised, or it’s extremely weak (See the movie Hackers) you’re going to get owned pretty quickly with a brute force attack.

I would group this in with changing your SSH port. It’s really an inconvenience, more than anything. However, it can be used to mitigate attacks. Especially when there are multiple users managing the system

Other Security Best Practicies to Consider aside from utilizing “sudo”

Stop allowing password-based root logins via SSH!

So how do you avoid this? Set a root password, store it safely, and enable SSH key-based logins to root only. Make sure that your SSH key was protected with a password!

It’s now harder for an attacker to gain access to the system as they need to own your SSH key, which is also password protected. You still have a password for root, which you can use at the console (local keyboard and mouse) or when you need to login via single-user mode to fix a failed raid or fsck a hard drive. It took a while to adopt ssh-key only root logins. But it’s pretty much gold standard now.

Say no to root logins via SSH

The next step was to eliminate root logins directly over SSH altogether, instead during the installation of a majority of Linux flavors and cloud provider installs. You’ll be asked to create a local user and a root password. To log in as root you need to log in as the local user, use an SSH preferably and then use one of the following methods to login as root.

You can su - and use the root password, run a single command using sudo ps -auxwwf or login to a root shell by running sudo su -

Linux flavours don’t do sudo correctly

The only issue now is that most Linux flavors will not require a password to sudo as the local user set up during the initial install. So you can log in as the local user with your ssh-key and sudo su – to a root shell. So if your key is compromised, you pretty much have root access.

Unless you require a password for sudo and you limit SSH logins to only key-based logins. So now a user has to log in via SSH with their SSH key, and then to sudo they need their password. But they can’t log in via SSH with this password. It’s almost like two factors, but not OTP based. Two factor isn’t always OTP.

Cloud Providers are doing it wrong, kinda.

Cloud providers allow a user to provide an SSH key to be automatically added to the default local user (ubuntu or ec2-user are common users). You can then login via SSH using this key and sudo su - to root or just run sudo commands at will.

If you’re not 100% familiar AWS as a business owner, and you have a contractor working on your servers. They’ll most likely ask for the original AWS key that you created on the initial deployment. This is pure laziness. It’s not a password protected key, and chances are you’ve given it out to multiple contractors.

Bastion Hosts FTW (For the Win)!

A bastion host is a server used to manage access to an internal or private network from an external network – sometimes called a jump box or jump server. Because bastion hosts often sit on the Internet, they typically run a minimum amount of services in order to reduce their attack surface.

https://www.strongdm.com/what-is/bastion-host#:~:text=A%20bastion%20host%20is%20a,to%20reduce%20their%20attack%20surface.

I had to help a client with this recently and will be setting up a bastion host for them utilizing https://goteleport.com

When a contractor or developer needs access to a server, you can deploy their keys to your Bastion Host and then provide them access to your servers from the Bastion Host. I really wish Amazon Web Services (AWS) and Google Cloud Compute (GCP) had this built out already.

What are some good reasons to use sudo?

Auditing is easily turned on for sudo

The only other reason I see a good reason to use sudo is for audit logging. However, you can turn on full system audit logging for all users and see what commands are being run. So it’s moot, the sudo audting is cleaner however.

Automated deployments + Restricting Access

The other reasons for using sudo would be for automated deployments and restricting access. Pulling down code, and then restarting services using automation. Or providing a user access to restart a service or edit configuration and more.

What do I think?

Does it really matter what my take on this is? 😂

I would group this in with changing your SSH port. It’s really an inconvenience, more than anything. However, it can be used to mitigate attacks. Especially when there are multiple users managing the system

I don’t believe sudo provides enough protection simply by using it. You still need to lock down SSH to SSH key-only authentication for all accounts. Once a user logs in, a password is required to utilize sudo, and it should be different than the SSH key password you’re using.

I’d also set up SSH logins and sudo to use 2FA, which is amazing.

How to Set Up 2-Factor Authentication for Login and sudo – Linux.com
www.linux.com

Changelog

  • 11-02-2023 – Moved article from wpguide.io and updated structure and improved some paragraphs.
0 Shares:
Share 0
Tweet 0
Share 0
Share 0
Share 0

Author

Jordan Trask

With 20 years experience in technology spanning from Linux, Data Center Infrastructure and related services and applications. Jordan consults with small, medium and large organizations tackling problems and technology needs. With 10 years experience in WordPress, he’s created Managing WP as a means to dump his brain on the web.

Jordan operates LMT Solutions providing Technology Consulting Services and We Power WP for WordPress Care Plans and Support.

Join our Newsletter


— Previous article

WebWhim Peer Review

Next article —

Why DNS Propagation is Misunderstood and Abused by Support Representives

You May Also Like