> On Jun 23, 2021, at 12:19 PM, Brian Candler <b.candler@xxxxxxxxx> wrote:
>
> On 23/06/2021 17:03, Saint Michael wrote:
>> I got hacked in 72 servers this week, they installed Bitcoin miners.
>
> Are you saying this happened through opensshd?
>
> What specifically was the cause: do you allow password authentication for example?
>
> You can control this by IP address with "Match" clauses in sshd_config. For example:
>
> PasswordAuthentication no
>
> Match Address 10.0.0.0/8,fc00::/7
>     PasswordAuthentication yes
>
> This will allow passwords only from the 10.0.0.0/8 and fc00::/7 networks, forcing connections from the Internet to use a proper authentication mechanism (e.g. keys)

Another option would be to set up 2FA through a third party service with OpenSSH. I’ve got Duo set up for OpenSSH connections on critical MidnightBSD systems for this reason.

Lucas Holt
Luke@xxxxxxxxxxxxxxxx
________________________________________________________
MidnightBSD.org (Free OS)
JustJournal.com (Free blogging)

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
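
The Match Address rule quoted in the message above, as an added example that is not part of the original thread or of OpenSSH: a simplified Python model of how sshd resolves the effective PasswordAuthentication value for a given client address, usable to check a config before rollout. The function names are hypothetical, and it assumes only `Match Address` (CIDR lists) and `Match all` blocks are present.

```python
import ipaddress

# Constructed sample: the sshd_config fragment quoted in the message above.
SAMPLE_CONFIG = """\
PasswordAuthentication no

Match Address 10.0.0.0/8,fc00::/7
    PasswordAuthentication yes
"""

def address_matches(client_ip, pattern_list):
    """True if client_ip is in the comma-separated CIDR list; a matching '!' entry vetoes."""
    ip = ipaddress.ip_address(client_ip)
    matched = False
    for pattern in pattern_list.split(","):
        net = ipaddress.ip_network(pattern.lstrip("!"))
        if ip.version == net.version and ip in net:
            if pattern.startswith("!"):
                return False
            matched = True
    return matched

def effective_setting(config_text, client_ip, keyword="PasswordAuthentication", default="yes"):
    """Simplified model (assumption: only 'Match Address' and 'Match all' blocks).
    The first value seen wins, and a matching Match block overrides the global section."""
    global_value = match_value = None
    in_match = block_applies = False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        key, arg = fields[0].lower(), (fields[1] if len(fields) > 1 else "")
        if key == "match":
            criteria = arg.split()
            in_match = True
            if [c.lower() for c in criteria] == ["all"]:
                block_applies = True
            elif len(criteria) == 2 and criteria[0].lower() == "address":
                block_applies = address_matches(client_ip, criteria[1])
            else:
                raise ValueError("unsupported Match criteria: " + arg)
        elif key == keyword.lower():
            if in_match and block_applies and match_value is None:
                match_value = arg
            elif not in_match and global_value is None:
                global_value = arg
    return match_value or global_value or default
```

On a live host, `sshd -T` with a `-C` connection spec reports the authoritative effective configuration; this model is for reviewing a file offline.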