[jnbiche]

> Wow, didn't know that. Good thing I usually block root access.

Edit: Ah, my bad, you meant your SSH config, I misunderstood.

I assume you're talking about blocking the document root of your web server, because at least on stock Ubuntu, you can't 100% block the root user from accessing anything (e.g., on Linux, a logged-in root can always use CAP_DAC_OVERRIDE to override permissions). Among other things, that's why a rooted Android phone can access apps that even the app developer doesn't want them to.

Here, they're talking about setting up an ssh key for the root user somewhere that the ssh server is aware of. They certainly won't put it in a directory like a document root such as `/www`. Probably they put it in `/etc/ssh`.

[detaro]

I'd assume they are talking about the typical practice of disallowing ssh logins as root (instead logging in as a user and then using sudo for administrative tasks)

[jnbiche]

Thanks, I didn't pick that up, although I often do that on my SSH config. For some reason, "block root access" in lieu of "block root log-in" just didn't register for me as referring to SSH config. Thank you for explaining instead of just downvoting.

[pietroalbini]

Yep, that was it!