Score:0

Is SSH remote execution more secure as local non-root?

Is there a security benefit running a command remotely via ssh as a local non-root user? In other words, is this actually more dangerous compared to executing the ssh command as non-root:

root@local:~# ssh user@remote "compromised_executable"

I'm assuming the local system isn't compromised and ssh doesn't have any security issues.

Score:1

No, SSH does not add any benefit. It only ensures that the connection to the remote machine is encrypted, nothing more.

The non-root account should of course not have any sudo permissions; whether it is local or remote doesn't matter.

If you want added security, then execute the binary in a chroot environment or a container, or a VM you can throw away afterwards.

Thanks for responding, I guess my question wasn't sufficiently clear: I'm not asking whether SSH adds a benefit but whether there is a security benefit from running SSH as a local non-root user instead of root (e.g. with sudo).
Michael Hampton
@morrow Nothing beyond the normal well known benefits of running _anything_ as non-root that does not _need_ to be run as root.
Score:0

SSH is intended to provide confidentiality and integrity of data over an unsecured network.

So if I understand your question correctly, remotely executing ssh commands as a non-root user should be as safe as logging in via ssh and manually executing the command.

Increase security by adding your machine's ssh key to the remote server's authorized_keys file. How to ssh-copy-id

Update

Executing any command that does not need sudo is an unnecessary risk, including ssh.

When and if possible of course, avoid using root to execute programs since it increases risk of compromising your local system.

Thanks for responding. My question is more targeting potential security differences between executing ssh as root compared to non-root. If I understand you correctly, `sudo ssh` would only be problematic if the command itself has security issues?
Andrija Jostergård
Ah honestly I've never thought about that. There has never been a need to execute ssh with sudo for me. I don't see any reason why you'd execute ssh with sudo privileges anyways. But yes, let's say ssh is compromised and you use sudo to execute it, then whatever has been baked into ssh will have full access to your local machine. Very unnecessary risk to take I suppose.
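
For root-run automation (a cron job, for instance) that still has to start a remote command, the advice in this thread can be enforced with a wrapper that never runs the ssh client as root. This is an added example, not code from any of the posts; the account name `sshrunner` and the function names are assumptions.

```shell
#!/bin/sh
# Added example: keep root-run automation from executing the ssh client as root.
# RUN_AS is a hypothetical unprivileged local account (assumption, not from the thread).
RUN_AS="${RUN_AS:-sshrunner}"

# Decide how to start ssh from the caller's effective UID and the UID of RUN_AS.
#   direct - caller is already unprivileged
#   drop   - caller is root and RUN_AS is a valid non-root account
#   refuse - caller is root and RUN_AS is missing or is itself UID 0
choose_mode() {
    euid=$1
    target_uid=$2
    if [ "$euid" -ne 0 ]; then
        echo direct
    elif [ -z "$target_uid" ] || [ "$target_uid" -eq 0 ]; then
        echo refuse
    else
        echo drop
    fi
}

# Run ssh with the given arguments, never as root.
ssh_noroot() {
    target_uid=$(id -u "$RUN_AS" 2>/dev/null || true)
    case $(choose_mode "$(id -u)" "$target_uid") in
        direct)
            ssh "$@" ;;
        drop)
            # runuser (util-linux) switches to RUN_AS without a password prompt;
            # the client then uses that account's ~/.ssh keys and known_hosts.
            runuser -u "$RUN_AS" -- ssh "$@" ;;
        refuse)
            echo "ssh_noroot: no usable unprivileged account '$RUN_AS'" >&2
            return 1 ;;
    esac
}

# Usage (constructed host and command): ssh_noroot user@remote uptime
```

The private key and `known_hosts` entries used for the connection have to belong to the unprivileged account, since the client reads them from the home directory of the user it runs as.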