On a server I have a public key auth only for root account. Is there any point of logging in with a different account?
You must log in or register to comment.
Doesn’t even have to be the key necessarily. Could get in via some exploit first. Either way taking over the machine became a 2-step process.
Unless your threat modelling includes nation-states
At which point you should have a handful of extra layers
