Adding more SSH users to block

posted on 2013-09-26

After mentioning my SSH honeypot approach to Frank Brokken, he told me I should consider adding admin as a user as well. So I did: now you can simply use ssh admin@bneijt.nl.

While I was adding the admin user, I decided: why not even more users. I found an article mentioning test and administrator as good extra usernames. In all, I added:

Match User test
    PasswordAuthentication yes
Match User administrator
    PasswordAuthentication yes
Match User admin
    PasswordAuthentication yes

Now none of these accounts exist on my server, but what if I add them in the future? Luckily I also have an AllowGroups configuration in SSH that keeps that scenario from ending in disaster. Alternatively, you could add the user without a password and with /bin/false as its shell.

For reference, here are the interesting parts of my /etc/ssh/sshd_config:

PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
AllowGroups users

Match User root
    PasswordAuthentication yes
Match User test
    PasswordAuthentication yes
Match User administrator
    PasswordAuthentication yes
Match User admin
    PasswordAuthentication yes
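
One way to check for the scenario described above, where a decoy username later becomes a real account, is to compare the Match User blocks against the accounts that actually exist. This is an added example, not part of the original post; the function names and the account table passed to audit() are assumptions, and the sample config is constructed from the excerpt above.

```python
# Added example: audit decoy "Match User" blocks in an sshd_config excerpt.
SAMPLE_CONFIG = """\
PermitRootLogin no
PasswordAuthentication no
AllowGroups users

Match User root
    PasswordAuthentication yes
Match User test
    PasswordAuthentication yes
Match User administrator
    PasswordAuthentication yes
Match User admin
    PasswordAuthentication yes
"""

def parse(config_text):
    """Return (allow_groups, decoys): the global AllowGroups names and the
    users whose Match block switches PasswordAuthentication on."""
    allow_groups, decoys, current = set(), [], None
    for raw in config_text.splitlines():
        words = raw.split("#", 1)[0].split()
        if not words:
            continue
        key = words[0].lower()
        if key == "match":
            # Only plain "Match User a,b" blocks are handled (no patterns).
            one_user = len(words) == 3 and words[1].lower() == "user"
            current = words[2].split(",") if one_user else None
        elif key == "allowgroups" and current is None:
            allow_groups.update(words[1:])
        elif key == "passwordauthentication" and current and len(words) > 1 and words[1].lower() == "yes":
            decoys.extend(current)
    return allow_groups, decoys

def audit(config_text, accounts):
    """accounts maps each existing username to its set of group names
    (hypothetical input). Returns {decoy username: status}."""
    allow_groups, decoys = parse(config_text)
    report = {}
    for user in decoys:
        if user not in accounts:
            report[user] = "ok: no such account"
        elif allow_groups and not (accounts[user] & allow_groups):
            report[user] = "ok: account exists but AllowGroups rejects it"
        else:
            report[user] = "RISK: real account reachable with a password"
    return report
```

On a real host the accounts table can be built from Python's pwd.getpwall() and grp.getgrall(), and the config text read from /etc/ssh/sshd_config.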

If you decide to try any of these out (and everything works) you will be blocked for an hour. So don't hit the refresh button after executing ssh test@bneijt.nl.