Disabling root login without changing to using ssh-keys for authentication doesn't really buy you a whole lot of security; you can still access the box and root with knowing just one password -- the only thing you've avoided are brute force attempts against the root account.
With sudo and only keys based access, the attacker will need to get a copy of the key (barring any new problems with key generation, like the Debian ssl bug) and the password needed for sudo access (or the root password, for su -).
As others have said, use visudo (possibly with "EDITOR=nano visudo") -- to avoid leaving your sudoers file in a broken state.
And as others mentioned -- make sure you can log in and sudo before you log out of the root shell...
Locks to only one editing user and confirms syntax is clean before saving. I'm not aware of nano enforcing correct sudoers syntax. Plus plenty of us don't like nano.
visudo, like vipasswd or crontab -e and other commands, respects the EDITOR environmental variable, so you can edit these files with whatever editor you prefer, while maintaining their protections.
True. Provisioning a new test VM for me usually entails something like this:
ssh in;
visudo;
wtf, this is nano! Boo!;
ctrl-x;
update-alternatives --config editor... :)
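The first comment's distinction between disabling root login and moving to key-only access can be checked against a server's configuration. The script below is an added example, not part of the thread; the function name `audit_sshd`, the verdict labels and the sample file are made up for illustration, and it assumes sshd keeps the first value it reads for a keyword and that unset keywords take current OpenSSH defaults.

```shell
#!/bin/sh
# Added example (not from the thread): report the effective global values of
# PermitRootLogin and PasswordAuthentication in an sshd_config-style file.
# Assumptions: first value read for a keyword wins; Match blocks and Include
# files are not followed; keyboard-interactive/PAM settings are not examined.

audit_sshd() {
    # $1: path to the configuration file to inspect
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # skip comments and blank lines
        { gsub(/=/, " "); key = tolower($1); val = tolower($2) }
        key == "match" { exit }                 # global section ends here
        key == "permitrootlogin" && root == "" { root = val }
        key == "passwordauthentication" && pw == "" { pw = val }
        END {
            if (root == "") root = "prohibit-password"   # assumed default
            if (pw == "")   pw = "yes"                   # assumed default
            if (pw == "yes") {
                # Passwords still accepted: one guessed password gets a shell.
                verdict = (root == "yes") ? "root-password-login" : "user-password-login"
            } else {
                # Key-only access: a key is needed before any password matters.
                verdict = (root == "no") ? "keys-only-no-root" : "keys-only-root-allowed"
            }
            printf "root=%s password=%s verdict=%s\n", root, pw, verdict
        }
    ' "$1"
}

# Constructed sample: root login disabled but passwords still accepted, the
# setup the first comment describes. The later "no" line is ignored by the
# first-value-wins rule.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'PermitRootLogin no' \
    'passwordauthentication yes' 'PasswordAuthentication no' > "$sample"
audit_sshd "$sample"
rm -f "$sample"
```

On a live host, `sshd -T` prints the configuration sshd actually resolves, including Match and Include handling that this script skips.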