diff --git a/Doc/Sdi/CloudProvider/gettingStarted.xml b/Doc/Sdi/CloudProvider/gettingStarted.xml
index 11ca053a5f7e1608a5ed67672b64112f25dc059f..a938a6d9656b38dae675fe84147a343f09bf678c 100644
--- a/Doc/Sdi/CloudProvider/gettingStarted.xml
+++ b/Doc/Sdi/CloudProvider/gettingStarted.xml
@@ -867,6 +867,25 @@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
 Someone could be eavesdropping on you right now (<emphasis role="red">man-in-the-middle attack</emphasis>)!</screen>
     </figure>
 
+    <figure xml:id="sdi_cloudProvider_cloudInit_watchOutForBadGuys">
+      <title>Watch out for your enemies!</title>
+
+      <screen>root@hello:~# journalctl -f
+May 06 04:41:20 hello cloud-init[898]: Cloud-init v. 22.4.2 finished at Mon, 06 May 2024 04:41:20 +0000. Datasource DataSourceHetzner.  Up 11.78 seconds
+   ...
+May 06 04:46:16 hello sshd[927]: Invalid user abc from 43.163.218.130 port 33408
+May 06 04:46:17 hello sshd[927]: Received disconnect from 43.163.218.130 port 33408:11: Bye Bye [preauth]
+May 06 04:46:17 hello sshd[927]: Disconnected from invalid user abc 43.163.218.130 port 33408 [preauth]
+   ...
+May 06 04:50:54 hello sshd[930]: fatal: Timeout before authentication for 27.128.243.225 port 59866
+   ...
+May 06 04:52:45 hello sshd[933]: Invalid user cos from 43.163.218.130 port 59776
+   ...
+May 06 04:53:04 hello sshd[935]: Invalid user admin from 194.169.175.35 port 51128
+May 06 04:53:49 hello sshd[937]: User root from 43.163.218.130 not allowed because not listed in AllowUsers
+May 06 04:53:49 hello sshd[937]: Disconnected from invalid user root 43.163.218.130 port 50592 [preauth]</screen>
+    </figure>
+
     <qandaset defaultlabel="qanda"
               xml:id="sdi_cloudProvider_cloudInit_qanda_gettingStarted">
       <title>Working on <productname>Cloud-init</productname></title>
@@ -898,8 +917,11 @@ Someone could be eavesdropping on you right now (<emphasis role="red">man-in-the
               </listitem>
 
               <listitem>
-                <para>Working on security modify your current
-                configuration:</para>
+                <para>With respect to <xref
+                linkend="sdi_cloudProvider_cloudInit_watchOutForBadGuys"/>
+                inspect the output of <command>journalctl -f</command> on your
+                own server for a while. Then modify your current
+                <command>sshd</command> configuration:</para>
 
                 <itemizedlist>
                   <listitem>