I’ve had this argument so many times over the years, and usually the response co... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

klysm 3 months ago | parent | context | favorite | on: Deploy from local to production (self-hosted)

I’ve had this argument so many times over the years, and usually the response comes down to security by obscurity because people won’t know the non-root username

Wilder7977 3 months ago [–]

That I guess is relevant in the context of brute-force login, which given you only use key with, is not really something I would stress over. However, depending on what that user does, there might be vulnerable services running with its privileges, or there might be supply-chain vectors for tools that user runs.

Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact