Skip to content
Snippets Groups Projects
Commit 856bd97b authored by Goik Martin's avatar Goik Martin
Browse files

Bad guys warning

parent 29b51b3b
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Doc/Sdi/CloudProvider/gettingStarted.xml
+ 24
2
View file @ 856bd97b
......@@ -867,6 +867,25 @@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (<emphasis role="red">man-in-the-middle attack</emphasis>)!</screen>
</figure>
<figure xml:id="sdi_cloudProvider_cloudInit_watchOutForBadGuys">
<title>Watch out for your enemies!</title>
<screen>root@hello:~# journalctl -f
May 06 04:41:20 hello cloud-init[898]: Cloud-init v. 22.4.2 finished at Mon, 06 May 2024 04:41:20 +0000. Datasource DataSourceHetzner. Up 11.78 seconds
...
May 06 04:46:16 hello sshd[927]: Invalid user abc from 43.163.218.130 port 33408
May 06 04:46:17 hello sshd[927]: Received disconnect from 43.163.218.130 port 33408:11: Bye Bye [preauth]
May 06 04:46:17 hello sshd[927]: Disconnected from invalid user abc 43.163.218.130 port 33408 [preauth]
...
May 06 04:50:54 hello sshd[930]: fatal: Timeout before authentication for 27.128.243.225 port 59866
...
May 06 04:52:45 hello sshd[933]: Invalid user cos from 43.163.218.130 port 59776
...
May 06 04:53:04 hello sshd[935]: Invalid user admin from 194.169.175.35 port 51128
May 06 04:53:49 hello sshd[937]: User root from 43.163.218.130 not allowed because not listed in AllowUsers
May 06 04:53:49 hello sshd[937]: Disconnected from invalid user root 43.163.218.130 port 50592 [preauth]</screen>
</figure>
<qandaset defaultlabel="qanda"
xml:id="sdi_cloudProvider_cloudInit_qanda_gettingStarted">
<title>Working on <productname>Cloud-init</productname></title>
......@@ -898,8 +917,11 @@ Someone could be eavesdropping on you right now (<emphasis role="red">man-in-the
</listitem>
<listitem>
<para>Working on security modify your current
configuration:</para>
<para>With respect to <xref
linkend="sdi_cloudProvider_cloudInit_watchOutForBadGuys"/>
inspect the output of <command>journalctl -f</command> on your
own server for a while. Then modify your current
<command>sshd</command> configuration:</para>
<itemizedlist>
<listitem>
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment