Tuesday, March 08, 2016

Bad usernames

There are a lot (a LOT!) of articles about bad and weak passwords. What about weak usernames?

I have a server with a public-facing sshd (stuck on the standard port 22). Running this gives a rough idea of which default usernames to avoid:

lastb -w | awk -F " " '{print $1}' | sort -n | uniq -c | sort -n -r | more
     39 admin
     29 oracle
     21 test
      9 user
      9 postgres
      8 guest
      8 git
      8 a
      7 nagios
      4 ubuntu
      4 ftpuser
      3 redmine
      3 office
      3 developer
      3 b
      3 alias
      3 ADMIN
      2 zhangyan
      2 www
      2 vyatta
      2 ucpss
      2 ubnt
      2 tomcat
      2 teamspeak3
      2 teamspeak
      2 steam
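
An added example (not part of the original post): the same tally as shell functions, extended to show which of the targeted names exist on the server as accounts with a login shell. The function names and the sample lastb and passwd data are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `lastb -w` output (documentation IP ranges).
sample_lastb() { cat <<'EOF'
admin    ssh:notty    203.0.113.5      Tue Mar  8 10:01 - 10:01  (00:00)
oracle   ssh:notty    203.0.113.5      Tue Mar  8 10:00 - 10:00  (00:00)
admin    ssh:notty    198.51.100.7     Tue Mar  8 09:58 - 09:58  (00:00)
git      ssh:notty    198.51.100.7     Tue Mar  8 09:57 - 09:57  (00:00)
admin    ssh:notty    192.0.2.44       Tue Mar  8 09:55 - 09:55  (00:00)
git      ssh:notty    192.0.2.44       Tue Mar  8 09:54 - 09:54  (00:00)

btmp begins Tue Mar  1 00:00:12 2016
EOF
}

# Constructed sample in /etc/passwd format.
sample_passwd() { cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
git:x:1001:1001::/home/git:/bin/bash
oracle:x:1002:1002::/home/oracle:/usr/sbin/nologin
alice:x:1003:1003::/home/alice:/bin/bash
EOF
}

# stdin: `lastb -w` text. stdout: "count user" lines, most-targeted first.
# Blank lines and the "btmp begins ..." trailer are skipped.
count_failed_users() {
    awk 'NF && !($1 == "btmp" && $2 == "begins") { n[$1]++ }
         END { for (u in n) print n[u], u }' | sort -k1,1nr -k2,2
}

# $1: passwd-format file. stdin: "count user" lines.
# stdout: only the targeted names that are local accounts whose shell
# is not nologin/false, i.e. names an attacker is guessing correctly.
targeted_local_accounts() {
    awk 'FNR == NR { split($0, f, ":")
                     if (f[7] !~ /(nologin|false)$/) ok[f[1]] = 1
                     next }
         ($2 in ok)' "$1" -
}

# Demo on the constructed data. On a real host (as root, since lastb
# reads the btmp log) the pipeline would be:
#   lastb -w | count_failed_users | targeted_local_accounts /etc/passwd
demo_passwd=$(mktemp)
sample_passwd > "$demo_passwd"
sample_lastb | count_failed_users | targeted_local_accounts "$demo_passwd"
rm -f "$demo_passwd"
```

Any name this prints is both a routinely guessed username and a real login on the machine, so it is the first candidate for renaming, disabling, or restricting to key-only access.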



What else can be done besides key-only SSH authentication with password logins disabled? Limiting exposure with fail2ban slows down brute forcing, and whitelisting by geo-locating IP addresses may help too: http://www.axllent.org/docs/view/ssh-geoip/
And of course only open the ports you need via the firewall etc.

