Bug#452035: Please reconsider this issue
https://etbe.coker.com.au/2018/03/05/compromised-guest-account/
I just had one of my systems compromised. While I did stuff up, if the
default had been to have AllowUsers I would have set it to only allow desired
ssh users and everything would have been fine.
I suggest that the default configuration should only allow root logins (which
by default means public key access as the default is to not allow root login
with password). That gives the minimal useful functionality and it's not
difficult to figure out which field to edit to add more users if desired.
--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/
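
An added example, not part of the original message and not code from OpenSSH or Debian: a small Python check that reads an `sshd_config` text and flags the condition the report describes, a global section with no `AllowUsers` line. The sample configurations and function names are constructed for illustration, and the check assumes only the global section matters (it stops at the first `Match` block and does not follow `Include` files).

```python
# Constructed sample configs (not from the bug report).
STOCK = """\
# no AllowUsers line
PermitRootLogin prohibit-password
PasswordAuthentication yes
"""
PROPOSED = """\
PermitRootLogin prohibit-password
AllowUsers root
"""

def global_settings(text):
    """Parse the global section of an sshd_config (stops at the first Match)."""
    first, allow_users = {}, []
    for raw in text.splitlines():
        words = raw.strip().split()
        if not words or words[0].startswith("#"):
            continue
        key, args = words[0].lower(), words[1:]    # keywords are case-insensitive
        if key == "match":
            break                                  # conditional blocks not evaluated here
        if key == "allowusers":
            allow_users.extend(args)               # repeated AllowUsers lines accumulate
        else:
            first.setdefault(key, " ".join(args))  # otherwise the first value wins
    return first, allow_users

def audit(text):
    """Return (findings, allowed_patterns) for the setup the report asks for."""
    first, allow_users = global_settings(text)
    findings = []
    if not allow_users:
        findings.append("no AllowUsers: ssh login is not limited to named accounts")
    # Assumed default when the keyword is absent: no root login with password.
    if first.get("permitrootlogin", "prohibit-password").lower() == "yes":
        findings.append("PermitRootLogin yes: root may log in with a password")
    return findings, allow_users

if __name__ == "__main__":
    for name, cfg in (("stock", STOCK), ("proposed", PROPOSED)):
        print(name, audit(cfg))
```

On a live system, `sshd -T` prints the effective configuration and can be fed to the same check instead of the raw file.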