So in reviewing the var/log/auth.log etc. files today, I note a drastic (as in 100%!) reduction in unauthorized SSH login attempts at the EXPLOINSIGHTS servers. Bloody brilliant!
This either means:
- All the hackers have turned into good guys; OR
- Russia and China are on holiday (prior month SSH hack attempts, of which there were many had IP addresses “from these nations”, which is hardly a smoking gun as IP’s can be spoofed, but it’s all I had to go on); OR
- Using public-private SSH login keys AND two-factor login has done it’s job* – yay!
Two-factor login is enabled for the EI servers and the services thereon. If you are not using two-factor then I say THANK YOU – it makes you a more attractive target, so hopefully the hackers will continue to leave me alone for a while. 🙂
Tip: And on the subject of SSH two-factor login, it took me quite a while to figure out why I couldn’t log back into my servers AFTER the first reboot after I enabled two-factor. All the tests via SSH worked before the reboot. It drove me NUTS. The reason was that my Ubuntu encrypted /home/user directory is NOT unlocked via SSH login, so the SSH tunnel could not read my keys at ~.ssh/authorized_keys thus I failed the first and biggest login hurdle. Either disable /home/user folder encryption or move your encryption keys to another location (say /var/SSH).
*I actually also did something else beyond two-factor and pub-private keys, but I am not sharing that publicly. Message me, and if I feel like trusting you (a real email address goes a long way…), I will let you know my third factor. 🙂