I have been logging into my servers and home PC as root for over 6 years and nothing bad has ever happened

>I have been getting blackout drunk at a bar and then driving home every single day for 6 years and nothing bad has ever happened.

>Why do you keep telling people not to do this?

>Has it been a troll all along just to annoy me with stop lights?

This is how you sound to me.

...

Is she eating cum cookies?

Forbidding ssh root login adds another level of security, e.g. if they steal your keys, they still can't do shit because the ssh login is unprivileged anyway, if they logged in as root they could do w/e. It's always good to keep privileges separated, e.g. don't run apache/ngix/torrent services as root for the same reason: anything happens it can't harm your core system and stay kind of isolated on its own. The sysadmin has to login as root to do his stuff, it's idiotical to sudo every command when maintaining a sever, imo. That being said, I usually always disable root shell access when I'm done (unless you need daily maintance on the server), and re-enable it with a different password the next time.

You just haven't noticed ;)

>If you do something stupid as root you could potentially fuck up your system. If you're not an idiot, using root as your default user is perfectly fine

This is what I never understand.
If I do something stupid, I won't know its stupid until after I do it.

All not having root will do is make me type the password before I do stupid thing.

>So you've never, ever made a typo or executed something undesirable in the wrong directory!
Iv made plenty of typos but that just throws an error.
As for directories its pretty obvious, i'm not going to accidentally delete etc while trying to move a file in usr.

I laughed but i'm serious when I say I think your all over reacting.
The only downside to running root that I can think of is security related.

I completely agree with this. But for my home PC i'l take convenience over security.

>enabling remote root auth by password
ever heard of key pairs?

ever heard of 'reading comprehension'?
>Forbidding ssh root login adds another level of security, e.g. if they steal your keys
where did I say 'auth by password'? I specifically implied keys should be used.

>for my home PC i'l take convenience over security
if it doesn't serve anything rather than my LAN, same goes for me. You have to secure the LAN at router level anyways.

>You have to secure the LAN at router level anyways.
What does your setup look like?

router, home NAS, pihole, desktop(includes several bridged VMs), wifi-devices. Router uses the pi as dns server, wifi is mac restricted, dhcp is disabled, incoming connections are dropped and there is fail2ban configured at router level.

>pihole
Neat. I have to try this. Thanks user.

What's the router?

any open-wrt router can make that work

If you mistype something you're more likely to be aware of it before typing your whole password with sudo, or maybe you can sometimes hit enter by mistake. Having different users and groups also allows for a more complex permission system than just being root/not being root.
Making a separate user is the correct way, you also limit all applications to have less permissions this way unless they explicitly require it so you use sudo.

Aqua sucks dicks for free

OpenWRT is so 2015.
LEDE is where things are happening now.

>>I have been getting blackout drunk at a bar and then driving home every single day for 6 years and nothing bad has ever happened.
I call that a good stroke of luck. Id be surprised he'd still do that after the 3rd years but 6. Damn

Principle of least privilege. You are aware that your system could be more secure in the case that your key is compromised. That doesn't mean you have to have more security, or add that layer of protection. But that extra layer of security is available to you. BTW, you don't have to use 2048 bit keys, either. You can probably just use password over SSH for the next 6 years without a problem. You can probably forego the password, too and have zero issues as long as ssh isn't open on your public IP. How much of the security and best practices that you're using and following do you really need on your home network? Why are you following any of them?