Adding more SSH users to block
After mentioning my SSH honeypot approach to Frank Brokken, he told me I should consider adding admin as a user as well. So I did: now you can simply use ssh [email protected].
While I was adding the admin user, I decided: why not even more users. I found an article mentioning test and administrator as good extra usernames. In all, I added:
Match User test
    PasswordAuthentication yes
Match User administrator
    PasswordAuthentication yes
Match User admin
    PasswordAuthentication yes
Now none of these accounts exist on my server, but what if I add them in the future? Luckily I also have an AllowGroups configuration in SSH keeping that scenario from ending in a disaster. Alternatively, you could add the user without a password and with /bin/false as a shell.
For reference, here are the interesting parts of my /etc/ssh/sshd_config:
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
AllowGroups users
Match User root
    PasswordAuthentication yes
Match User test
    PasswordAuthentication yes
Match User administrator
    PasswordAuthentication yes
Match User admin
    PasswordAuthentication yes
If you decide to try any of these out (and everything works) you will be blocked for an hour. So don't hit the refresh button after executing ssh [email protected].
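The "what if I add them in the future" scenario can be checked mechanically. The script below is an added example, not part of the original post: it lists the Match User names that enable password authentication and flags any that exist as local accounts inside an AllowGroups group (or exist while AllowGroups is missing). The function names, sample accounts and file paths are constructed for illustration, and it assumes literal names (no patterns) with one user per Match line.

```shell
# Added example, not the author's code; file paths are parameters for offline use.
honeypot_users() {   # $1 = sshd_config; users whose Match block enables passwords
    awk 'tolower($1) == "match" { cur = (tolower($2) == "user") ? $3 : ""; next }
         cur != "" && tolower($1) == "passwordauthentication" &&
             tolower($2) == "yes" { print cur }' "$1"
}

allowed_groups() {   # $1 = sshd_config; AllowGroups values before the first Match
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "allowgroups" { for (i = 2; i <= NF; i++) print $i }' "$1"
}

in_group() {   # $1 user, $2 group, $3 passwd file, $4 group file
    awk -F: -v u="$1" -v g="$2" '
        FNR == NR { if ($1 == u) gid = $4; next }   # primary gid from passwd
        $1 == g { if (gid != "" && $3 == gid) ok = 1
                  n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) ok = 1 }
        END { exit !ok }' "$3" "$4"
}

audit() {   # $1 sshd_config, $2 passwd, $3 group; returns 1 if anything is flagged
    rc=0; allowed=$(allowed_groups "$1")
    for u in $(honeypot_users "$1"); do
        grep -q "^$u:" "$2" || continue   # account does not exist: pure decoy
        [ -n "$allowed" ] || { echo "RISK: $u exists and AllowGroups is not set"; rc=1; }
        for g in $allowed; do
            if in_group "$u" "$g" "$2" "$3"; then
                echo "RISK: $u exists and is in AllowGroups group $g"; rc=1
            fi
        done
    done
    return $rc
}

make_sample() {   # constructed sample files mirroring the config above
    d=$(mktemp -d)
    printf '%s\n' 'PermitRootLogin no' 'PasswordAuthentication no' 'AllowGroups users' > "$d/sshd_config"
    printf 'Match User %s\nPasswordAuthentication yes\n' root test administrator admin >> "$d/sshd_config"
    printf '%s\n' 'root:x:0:0::/root:/bin/sh' 'test:x:1002:1002::/home/test:/bin/sh' \
        'administrator:x:1003:1003::/home/administrator:/bin/sh' \
        'admin:x:1001:100::/home/admin:/bin/sh' > "$d/passwd"
    printf '%s\n' 'root:x:0:' 'users:x:100:administrator' > "$d/group"
    echo "$d"
}

sample=$(make_sample)
audit "$sample/sshd_config" "$sample/passwd" "$sample/group" || echo "review the accounts above"
rm -rf "$sample"
```

Run against the real /etc/ssh/sshd_config, /etc/passwd and /etc/group after creating any new account; a non-zero exit means a decoy name has become a real, password-reachable login.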