My server was hacked a few days ago and now I have decided to ban root user remote login. Is there a way that an attacker can scan my own added user name? (As far as I know the answer is NO?) If so, I don't have to set too strong a password for the new user. I mean, it would be far more difficult to guess my custom user name than "root + password".

Rick
  • what about cat /etc/passwd? – g_p Oct 16 '18 at 14:11
  • I believe he means from outside the internet ... – pLumo Oct 16 '18 at 14:14
  • @RoVo Yes, I mean from outside. – Rick Oct 16 '18 at 14:23
  • If your server was "hacked a few days ago", then it's too late. The intruder could have installed all kinds of nifty backdoors, regardless of how clever your username is. Take your system offline, nuke the disk, do a full clean reinstall from scratch, then restore your data from backups. Of course, if you enabled root login (bad idea), then it's also likely you don't have backups... in which case this will have been a hard lesson for you about both. – user535733 Oct 16 '18 at 15:56
  • @user535733 I reinstalled the whole system on the control panel. I think normally that would be enough? I mean, I am not specifically targeted. – Rick Oct 16 '18 at 16:36

1 Answer


No, it is not possible to see user names from outside the computer other than brute-forcing it.

In general, disabling remote root login is a good idea. Using public key authentication instead of password login is another one.

If you want to keep password login, you can install fail2ban for better security. This will ban IP addresses based on unsuccessful login tries.


For a minimal working setup of fail2ban for securing sshd, you need just 3 simple steps:

# Install fail2ban
sudo apt update && sudo apt install fail2ban
# Enable fail2ban for sshd
printf '%s\n%s\n' "[sshd]" "enabled = true" | sudo tee -a /etc/fail2ban/jail.local
# Restart fail2ban
sudo service fail2ban restart

This will enable the default 600 seconds ban after 3 failed login attempts within 600 seconds.

pLumo
  • Yes, I got to know fail2ban from another post just now and am reading the documentation. But it seems to be quite complicated to set up. T_T. – Rick Oct 16 '18 at 14:26
  • Added a very simple 3-step installation guide of fail2ban. – pLumo Oct 16 '18 at 15:02
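
The ban rule described in the answer (3 failed logins within 600 seconds, banned for 600 seconds), as an added example that is not part of the original answer and is not fail2ban's own code: a simplified Python model run over constructed sshd log lines. The function name `scan`, the sample lines, the assumed year, and counting only `Failed password` lines are assumptions of this sketch.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sshd log lines (documentation-range IPs, not real data).
SAMPLE_LOG = """\
Oct 16 14:00:00 host sshd[1000]: Failed password for invalid user test from 198.51.100.7 port 50001 ssh2
Oct 16 14:00:01 host sshd[1001]: Failed password for root from 203.0.113.5 port 40001 ssh2
Oct 16 14:00:09 host sshd[1002]: Failed password for invalid user admin from 203.0.113.5 port 40002 ssh2
Oct 16 14:00:20 host sshd[1003]: Failed password for invalid user oracle from 203.0.113.5 port 40003 ssh2
Oct 16 14:01:00 host sshd[1004]: Failed password for root from 203.0.113.5 port 40004 ssh2
Oct 16 14:06:00 host sshd[1005]: Failed password for invalid user test from 198.51.100.7 port 50002 ssh2
Oct 16 14:12:00 host sshd[1006]: Failed password for root from 198.51.100.7 port 50003 ssh2
Oct 16 14:12:30 host sshd[1007]: Accepted password for rick from 192.0.2.10 port 60001 ssh2
"""

FAILED = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                    r"Failed password for (invalid user )?(\S+) from (\S+) port")

def scan(log_text, maxretry=3, findtime=600, bantime=600, year=2018):
    """Return (bans, invalid_names); bans maps IP -> (ban start, ban end)."""
    window = defaultdict(deque)        # IP -> timestamps of recent failures
    bans, invalid_names = {}, defaultdict(set)
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue                   # successful logins and other lines are ignored
        # syslog timestamps carry no year, so one is assumed for parsing
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        invalid, user, ip = m.group(2), m.group(3), m.group(4)
        if invalid:
            invalid_names[ip].add(user)   # sshd logs guesses at nonexistent names
        if ip in bans and ts < bans[ip][1]:
            continue                   # while banned, the firewall would drop this
        q = window[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > findtime:
            q.popleft()                # forget failures older than findtime
        if len(q) >= maxretry:
            bans[ip] = (ts, ts + timedelta(seconds=bantime))
            q.clear()
    return bans, dict(invalid_names)

if __name__ == "__main__":
    bans, names = scan(SAMPLE_LOG)
    for ip, (start, end) in bans.items():
        print(f"{ip} banned {start:%H:%M:%S} to {end:%H:%M:%S}; "
              f"invalid names tried: {sorted(names.get(ip, []))}")
```

In the sample, 203.0.113.5 is banned at its third failure, while 198.51.100.7 is not, because its three failures span more than `findtime`. The ban limits the guessing rate, so the strength of the password or key still carries the real protection.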