I’ve had this argument so many times over the years, and usually the response co... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		klysm 4 months ago \| parent \| context \| favorite \| on: Deploy from local to production (self-hosted) I’ve had this argument so many times over the years, and usually the response comes down to security by obscurity because people won’t know the non-root username

Wilder7977 4 months ago [–]

That I guess is relevant in the context of brute-force login, which given you only use key with, is not really something I would stress over. However, depending on what that user does, there might be vulnerable services running with its privileges, or there might be supply-chain vectors for tools that user runs.

Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact