diff options
Diffstat (limited to 'guides/cloud/vps.org')
| -rw-r--r-- | guides/cloud/vps.org | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/guides/cloud/vps.org b/guides/cloud/vps.org index cfb1b89..b8c3fd5 100644 --- a/guides/cloud/vps.org +++ b/guides/cloud/vps.org @@ -14,3 +14,25 @@ On OVH's Debian image: Debian's fail2ban comes with a jail for ~sshd~, so it's just a matter of ~apt install fail2ban~. +** Tweak user accounts +=debian= seems mildly popular among bots looking for valid usernames. + +Ideally I'd just rename the =debian= account, but renaming does not +seem to be a very well-defined operation. ~usermod --login $name +--move-home --home /home/$name debian~ gets partway there, but leaves +a bunch of miscellany to take care of (e.g. sudoers). + +So instead, I'll +- create my own user account: ~sudo adduser $name~ +- add it to all groups =debian= belongs to: + #+begin_src sh + groups=$(groups | sed -e 's/ *debian *//' -e 's/ /,/g') + sudo usermod --append --groups ${groups} $name + #+end_src +- only allow password authentication over SSH for this new user + account: + #+begin_src conf + PasswordAuthentication no + Match User … + PasswordAuthentication yes + #+end_src |