Let’s talk about the lowest-hanging fruit for botnets: password-based SSH. If you’re still allowing it, you’re not just leaving a door open; you’re putting out a welcome mat for Mirai and its cousins. This isn’t theoretical; it’s the number one vector for automated attacks.
The 2024 XZ Utils backdoor attempt underscored how critical defense-in-depth is, especially for foundational services. Password authentication for SSH is archaic and dangerous, especially when public-key authentication is so readily available and secure.
The fix is simple, effective, and mandatory. Disable password authentication entirely.
In your sshd_config, set:
PasswordAuthentication no
PubkeyAuthentication yes
Then restart your SSH daemon:
sudo systemctl restart sshd
If you’re not doing this, you’re operating with a critical vulnerability that’s easily exploitable. This is basic hygiene, not advanced security.
Go check your configs. Now.
The fix
# /etc/ssh/sshd_config
PasswordAuthentication no
PubkeyAuthentication yes
# Restart sshd
sudo systemctl restart sshd
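An audit script to go with the fix, added here as an example that is not part of the original post: it reads a file in sshd_config syntax and checks the two settings above, applying sshd's rule that the first value found for a keyword wins (so a line pulled in by an Include above your own settings takes precedence). The helper names (first_value, check_sshd_config) and the three sample configuration files are constructed for this example. The KbdInteractiveAuthentication check is an addition beyond the post's two lines, because with PAM in use that path can still present a password prompt even when PasswordAuthentication is no.

```shell
#!/bin/sh
# Added example, not from the original post. Audits a sshd_config-style file
# for password-login settings. Assumes the common "Keyword value" form and
# mirrors sshd's first-match rule: the first occurrence of a keyword wins.

# first_value FILE KEYWORD -> prints the first value for KEYWORD (lowercased)
first_value() {
    awk -v key="$2" '
        /^[[:space:]]*#/ { next }                       # skip comment lines
        NF >= 2 && tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# check_sshd_config FILE -> 0 if password logins are disabled, 1 otherwise.
# Unset keywords take sshd's defaults: PasswordAuthentication yes,
# PubkeyAuthentication yes, KbdInteractiveAuthentication yes.
check_sshd_config() {
    cfg="$1"; rc=0
    pw=$(first_value "$cfg" PasswordAuthentication)
    pk=$(first_value "$cfg" PubkeyAuthentication)
    kbd=$(first_value "$cfg" KbdInteractiveAuthentication)
    # ChallengeResponseAuthentication is the older spelling of the same option
    [ -z "$kbd" ] && kbd=$(first_value "$cfg" ChallengeResponseAuthentication)

    [ "${pw:-yes}" = "no" ] || {
        echo "FAIL: $cfg: PasswordAuthentication is '${pw:-yes (default)}'"; rc=1; }
    [ "${pk:-yes}" = "yes" ] || {
        echo "FAIL: $cfg: PubkeyAuthentication is '$pk'"; rc=1; }
    [ "${kbd:-yes}" = "no" ] || {
        echo "WARN: $cfg: KbdInteractiveAuthentication is '${kbd:-yes (default)}'; PAM can still prompt for a password"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $cfg disables password logins"
    return "$rc"
}

# Constructed sample configs, written to a temp dir so the script runs offline.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT

cat > "$tmp/weak.conf" <<'EOF'
# Typical distro default: nothing set, so password auth is on by default
Port 22
PubkeyAuthentication yes
EOF

cat > "$tmp/hardened.conf" <<'EOF'
PasswordAuthentication no
PubkeyAuthentication yes
KbdInteractiveAuthentication no
EOF

# Simulates an Include (e.g. a drop-in under sshd_config.d) that sets the
# keyword before the hardened lines: first match wins, so "no" is ignored.
cat > "$tmp/overridden.conf" <<'EOF'
PasswordAuthentication yes
PasswordAuthentication no
PubkeyAuthentication yes
KbdInteractiveAuthentication no
EOF

for name in weak hardened overridden; do
    check_sshd_config "$tmp/$name.conf" || true
done
```

Run it as-is to see the three verdicts. On a live host, audit the effective configuration rather than the raw file: `sshd -T > /tmp/effective.conf && check_sshd_config /tmp/effective.conf` resolves Include files and Match blocks for you (its lowercased keywords are handled). Before the restart, run `sshd -t` to syntax-check the file, and keep an existing key-authenticated session open until a fresh key-based login has been confirmed in a second session.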
Reference: CIS Linux Benchmark 5.2.12