Re: Irish virus v2?
the fuck are you talking about?
A new purported ransomware variant is hitting Linux servers, deleting files and demanding payment for the return of lost data. The scam is possibly a bluff, since it does not follow the regular format of encrypting files and leaving ransom notes for slick and automated payment. Information on the attacks is scarce. Bleeping …
sshd_config - don't forget also:
(probably the more important one)
then you can allow only SPECIFIC users via 'AllowUsers' 'AllowGroups' etc.
further reduces the possibility of guessing BOTH the user name AND password, unless you disable passwords entirely.
I don't favor entirely disabling passwords. that way you can remote in from ANY machine with an ssh client on it, regardless of whether or not you put the appropriate key into the appropriate place, or are on a dynamically assigned IP address, or something similar. then you pick both a cryptic user name AND a hard-to-guess passphrase (not 'correct horse battery staple' but one like it)
anyway, better than "root:god"
edit: just saw after posting, someone else posted right before me about 'PermitRootLogin'. great minds think alike. 'race condition', he won.
Biting the hand that feeds IT © 1998–2019