It is probably a duplicate of some question I did not find, but I am curious.

I own a Linux server hosted somewhere and I configured it to allow ssh connections for user root - actually it has no other real user configured. It has no password altogether and sshd is configured to allow password-less root login.

  • I also saw several posts saying root-password combinations are too easy to guess and you should therefore disable remote root login. Further on they usually write that ssh keys are nearly unguessable and therefore considered safe. So why should no one use them on root then?

  • Sometimes they state something like you see who does something on your system, but it is my own private system; if someone else does something there without me knowing, I am in big trouble nevertheless, right? I get it for non-private systems, but nothing like mine.

  • And finally they even write you could distinguish which commands need to have root privileges and which do not. I think having a program you do not trust making no unexpected things on your system is the real security issue here. Or it is just you yourself and you better have a backup then...

So what is the real reason everyone should ban root login from ssh altogether? Is it outdated, or is my use-case a niche one that is just overlooked, or am I wrong and overlooking any issues here?

Well, I am well aware my security lies in the ssh key I am using and therefore I restrict myself from letting a key leave the client disk in any manner. So in case I lose my phone, I just remove this line in my ~/.ssh/authorized_keys file.


My configuration, before someone asks:

/etc/passwd

root:x:0:0::/root:/bin/bash
bin:x:1:1::/:/usr/bin/nologin
daemon:x:2:2::/:/usr/bin/nologin
mail:x:8:12::/var/spool/mail:/usr/bin/nologin
ftp:x:14:11::/srv/ftp:/usr/bin/nologin
http:x:33:33::/srv/http:/usr/bin/nologin
nobody:x:65534:65534:Nobody:/:/usr/bin/nologin
dbus:x:81:81:System Message Bus:/:/usr/bin/nologin
systemd-journal-remote:x:982:982:systemd Journal Remote:/:/usr/bin/nologin
systemd-network:x:981:981:systemd Network Management:/:/usr/bin/nologin
systemd-resolve:x:980:980:systemd Resolver:/:/usr/bin/nologin
systemd-timesync:x:979:979:systemd Time Synchronization:/:/usr/bin/nologin
systemd-coredump:x:978:978:systemd Core Dumper:/:/usr/bin/nologin
uuidd:x:68:68::/:/usr/bin/nologin
git:x:976:976:git daemon user:/:/usr/bin/git-shell
polkitd:x:102:102:PolicyKit daemon:/:/usr/bin/nologin
dnsmasq:x:974:974:dnsmasq daemon:/:/usr/bin/nologin
named:x:40:40:BIND DNS Server:/:/usr/bin/nologin
systemd-oom:x:972:972:systemd Userspace OOM Killer:/:/usr/bin/nologin

/etc/ssh/sshd_config

PermitRootLogin without-password
AuthorizedKeysFile  .ssh/authorized_keys
ChallengeResponseAuthentication no
UsePAM yes
Subsystem   sftp    /usr/lib/ssh/sftp-server

/etc/shadow

root:*:14871::::::
bin:!*:18502::::::
daemon:!*:18502::::::
mail:!*:18502::::::
ftp:!*:18502::::::
http:!*:18502::::::
nobody:!*:18502::::::
dbus:!*:18502::::::
systemd-journal-remote:!*:18502::::::
systemd-network:!*:18502::::::
systemd-resolve:!*:18502::::::
systemd-timesync:!*:18502::::::
systemd-coredump:!*:18502::::::
uuidd:!*:18502::::::
git:!*:18512::::::
polkitd:!*:18522::::::
dnsmasq:!*:18522::::::
named:!*:18525::::::
systemd-oom:!*:18724::::::
  • "So why should no one use them on root then?" - Certificate is only as secure as the key size. The recommended key size depends on the computational capabilities at any given time. 2046 used to be the suggested size a few years ago but today it's closer to 4096. As to the reason root should not be accessible, it is due to the fact root can literally do anything on the system. The most secure method is to provide sudo access to the user, and only use root when it's required.
    – Ramhound
    Commented Oct 28, 2021 at 16:51
  • Yeah, the key size does matter - I forgot writing about these and I appreciate you mentioning the commonly considered secure sizes of RSA keys nowadays. I'm gonna block my last 2046 key within the next few days. I got some ed25519 keys, they are still considered secure, aren't they? About your second part, it is exactly what I wrote in my third bullet. @DavidPostill thank you for correcting my post!
    – Seoka
    Commented Oct 29, 2021 at 11:34
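
An added example, not part of the original post or its comments: a small Python audit that reads excerpts of the three files posted in the question and reports, per account, whether a password could authenticate over SSH and whether the account has a login shell. The function names, the `NOLOGIN` set and the embedded excerpts are assumptions made for this example; `Match` blocks and the presence of `authorized_keys` files are not examined.

```python
# Constructed sample input: excerpts of the three files posted in the question.
SSHD_CONFIG = """PermitRootLogin without-password
AuthorizedKeysFile  .ssh/authorized_keys
ChallengeResponseAuthentication no
UsePAM yes
"""
PASSWD = """root:x:0:0::/root:/bin/bash
http:x:33:33::/srv/http:/usr/bin/nologin
git:x:976:976:git daemon user:/:/usr/bin/git-shell
"""
SHADOW = """root:*:14871::::::
http:!*:18502::::::
git:!*:18512::::::
"""
NOLOGIN = {"/usr/bin/nologin", "/sbin/nologin", "/bin/false"}
# OpenSSH defaults for keywords a config leaves unset.
DEFAULTS = {"permitrootlogin": "prohibit-password", "passwordauthentication": "yes"}

def parse_sshd(text):
    """Global keywords only (Match blocks are not handled); first value wins."""
    opts, seen = dict(DEFAULTS), set()
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key = parts[0].lower()
        if key not in seen:
            seen.add(key)
            opts[key] = parts[1].strip()
    # "without-password" is the deprecated alias of "prohibit-password".
    if opts["permitrootlogin"] == "without-password":
        opts["permitrootlogin"] = "prohibit-password"
    return opts

def audit(sshd_text, passwd_text, shadow_text):
    """Per account: can a password authenticate over SSH, and is there a login shell?"""
    opts = parse_sshd(sshd_text)
    hashes = dict(l.split(":")[:2] for l in shadow_text.splitlines() if l)
    report = {}
    for line in filter(None, passwd_text.splitlines()):
        name, _, uid, _, _, _, shell = line.split(":")
        field = hashes.get(name, "*")
        # A field starting with "!" or "*" matches no password; an empty one is
        # refused too, because PermitEmptyPasswords defaults to "no".
        usable = bool(field) and not field.startswith(("!", "*"))
        root_blocked = uid == "0" and opts["permitrootlogin"] != "yes"
        allowed = opts["passwordauthentication"] == "yes" and not root_blocked
        report[name] = {"password_auth": usable and allowed,
                        "login_shell": shell not in NOLOGIN}
    return report
```

On the posted excerpts, `audit(SSHD_CONFIG, PASSWD, SHADOW)` shows no account with a usable password, and root and git as the only accounts with a login shell, so the exposure is the set of keys in each account's `authorized_keys`.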
