Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I’ve had this argument so many times over the years, and usually the response comes down to security by obscurity because people won’t know the non-root username



That I guess is relevant in the context of brute-force login, which given you only use key with, is not really something I would stress over. However, depending on what that user does, there might be vulnerable services running with its privileges, or there might be supply-chain vectors for tools that user runs.




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: