Re: Does a known security issue allow ssh login via system accounts?


 



I would echo Alexander's comment from up-thread and recommend failing closed, not open[*], by using 'AllowUsers' with a group containing the only users who should be able to ssh.  (Whether you include root in that group depends on your use case).

____________________

[*]: If another system account is added to the machine and you don't add that account to the DenyUsers line, the new system account may be vulnerable to the same attack.

-- 
jmk

> On Mar 1, 2022, at 09:19, Whit Blauvelt <whit@xxxxxxxxxxxxx> wrote:
> 
> Adding a DenyUsers line in sshd_config
> listing all the system user accounts works to block this intrusion, and will
> be my standard practice now.

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
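
The difference between the two approaches in this message, as an added example that is not part of the original post: a small audit that computes which accounts pass sshd's account filter under a DenyUsers denylist versus a group allowlist, before and after a new system account appears. The account data, the `sshusers` group and the `newsvc` account are constructed; the allowlist is modelled with sshd_config's `AllowGroups` directive, plain names only (no patterns, no primary-group matching).

```python
# Constructed sample data (not from the thread): /etc/passwd and /etc/group lines.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
"""
GROUP = "sshusers:x:2000:alice,bob\n"

def parse_users(passwd_text):
    return [line.split(":")[0] for line in passwd_text.splitlines() if line.strip()]

def parse_groups(group_text):
    groups = {}
    for line in group_text.splitlines():
        if line.strip():
            name, _pw, _gid, members = line.split(":")
            groups[name] = {m for m in members.split(",") if m}
    return groups

def permitted_denylist(users, deny_users):
    """Fail open: any account not named in DenyUsers passes the filter."""
    return {u for u in users if u not in deny_users}

def permitted_allowlist(users, groups, allow_groups):
    """Fail closed: only members of a listed group pass the filter."""
    allowed = set().union(*(groups.get(g, set()) for g in allow_groups))
    return {u for u in users if u in allowed}

def audit(passwd_text, group_text, deny_users, allow_groups):
    # "Permitted" means the account passes the allow/deny filter only;
    # authentication still has to succeed afterwards.
    users = parse_users(passwd_text)
    groups = parse_groups(group_text)
    return {
        "denylist": permitted_denylist(users, set(deny_users)),
        "allowlist": permitted_allowlist(users, groups, allow_groups),
    }

if __name__ == "__main__":
    deny = ["daemon", "backup"]  # system accounts known when the config was written
    grown = PASSWD + "newsvc:x:998:998::/var/lib/newsvc:/bin/sh\n"  # added later
    before = audit(PASSWD, GROUP, deny, ["sshusers"])
    after = audit(grown, GROUP, deny, ["sshusers"])
    for policy in ("denylist", "allowlist"):
        print(policy, "newly permitted:", sorted(after[policy] - before[policy]))
```

Run against a host's real passwd and group files, the denylist result is the set to review whenever a package or admin adds an account.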


