https://etbe.coker.com.au/2018/03/05/compromised-guest-account/
I just had one of my systems compromised. While I did stuff up, if the default had been to have AllowUsers I would have set it to only allow desired ssh users and everything would have been fine.

I suggest that the default configuration should only allow root logins (which by default means public key access as the default is to not allow root login with password). That gives the minimal useful functionality and it's not difficult to figure out which field to edit to add more users if desired.

--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/
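A check for the exposure described in the message above, as an added example that is not part of the original post: it reads the effective settings printed by `sshd -T` and reports whether any AllowUsers/AllowGroups restriction is in force and whether root can log in with a password. The function names, finding labels and both sample inputs are constructed for illustration.

```python
# Added example: audit effective sshd settings, taken from `sshd -T` output.
# Feed it the text of `sshd -T` run as root on the host being checked.

def parse_effective(text):
    """Map keyword -> list of values. `sshd -T` prints lowercase keywords,
    and list options such as allowusers appear once per entry."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        settings.setdefault(key.lower(), []).append(value.strip())
    return settings

def audit(text):
    """Return a list of finding labels (hypothetical names) for the config."""
    s = parse_effective(text)
    findings = []
    # With neither option set, sshd accepts any account that can authenticate,
    # including forgotten guest or test accounts.
    if not s.get("allowusers") and not s.get("allowgroups"):
        findings.append("no-allowlist")
    # prohibit-password (printed as without-password by older releases)
    # keeps root on public keys; "yes" plus password auth does not.
    root = s.get("permitrootlogin", ["prohibit-password"])[0]
    password_auth = s.get("passwordauthentication", ["yes"])[0]
    if root == "yes" and password_auth == "yes":
        findings.append("root-password-login")
    return findings

# Constructed sample: no allowlist, so every local account is reachable.
OPEN_SAMPLE = """\
port 22
permitrootlogin without-password
passwordauthentication yes
"""

# Constructed sample: the restriction the message proposes (root only, keys).
ROOT_ONLY_SAMPLE = """\
port 22
permitrootlogin prohibit-password
passwordauthentication yes
allowusers root
"""

if __name__ == "__main__":
    for name, sample in (("open", OPEN_SAMPLE), ("root-only", ROOT_ONLY_SAMPLE)):
        print(name, audit(sample) or "no findings")
```
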