Security/Hacked System - Now what?!!

Wolfgang S. Rupprecht wolfgang.rupprecht at
Sun Dec 22 02:06:54 UTC 2013

bruce <badouglas at gma> writes:
> You then mod SSH as required to disable root login
> OK, what else should you do?

Root login isn't a bad idea in and of itself.  More important is to not
allow anything but public key logins (eg. ECDSA, RSA).  For people
logging in with root credentials, give everyone a different public key
and keep a secure copy of /var/log/secure on a secure system for
backtracking breakins.   Each login (including root) will show which key
was used to log in.  You can easily see who lost control of their key.

I'm a firm believer in never allowing passwords logins over the net.
Users will hardly ever use random-letter-upper-lower-number passwords.
They always think they are oh so clever with easily guessed strung
together words, with or without a punctuation char.


More information about the users mailing list