pntshgl · 7y · 11

How bad is it for a Fortune 500 company to open port 22 over the internet for all its Linux servers? Today, I reported this to my boss and he said "it won't be a problem, no one can log in without a password".

Comments
  • 0
    @ThatDude we have some external contractors and they need to upload files via SFTP
  • 0
    @SHA-16384 exactly, can you give me some cases/methods of how this can be exploited without anyone knowing the credentials, so I can prove my point in front of the team?
  • 0
    @Haxk20 I guess not, but they lock the user account after three unsuccessful login attempts
  • 0
    @pntshgl welcome to devRant :)
  • 1
    @Haxk20 yup, trying for that. But you know these corporates... it will take approval from 5 different people, then one of them will say we can't do that, it will impact business... Thanks for the info though
  • 1
    @Hedgepig thanks buddy 😀
  • 0
    Oh boy, it's one of the first things most scripts, bots and kids check...

    At least I hope you exclusively use encrypted and password locked keys...
  • 0
    I hope they at least do keys. Then, it doesn’t matter how many bots bounce off the login prompt, they aren’t getting jack.

    As a stopgap you might wanna install Fail2Ban
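A shell check is what an admin would actually run to settle the argument in this thread, so here is an added audit script (not from the post or devRant) that flags the sshd settings the comments argue about: password logins on an exposed port 22, keys not enforced, root login, and retry budget. It assumes a standard OpenSSH sshd_config; the two sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread. Reads sshd configuration text from
# stdin so it can be fed /etc/ssh/sshd_config or, better, the output of
# `sshd -T`, which prints the effective configuration after defaults apply.

# In sshd_config the first occurrence of a keyword wins, so mirror that and
# fall back to the OpenSSH default when absent. Usage: setting KEY DEFAULT
setting() {
    v=$(printf '%s\n' "$CFG" | awk -v k="$1" 'tolower($1)==tolower(k){print $2; exit}')
    printf '%s' "${v:-$2}"
}

# sshd_findings < config -> one line per weak setting, nothing when clean.
sshd_findings() {
    CFG=$(cat)
    [ "$(setting PasswordAuthentication yes)" = "no" ] ||
        echo "PasswordAuthentication is on: exposed to password guessing; use keys only"
    [ "$(setting PubkeyAuthentication yes)" = "yes" ] ||
        echo "PubkeyAuthentication is off: key-based login is not even possible"
    case "$(setting PermitRootLogin prohibit-password)" in
        no|prohibit-password|without-password) ;;
        *) echo "PermitRootLogin allows password login as root" ;;
    esac
    [ "$(setting MaxAuthTries 6)" -le 3 ] ||
        echo "MaxAuthTries above 3: extra guesses per connection before the account lockout bites"
}

# Constructed sample resembling the setup in the post (password-only, port 22 open).
WEAK_CONFIG='Port 22
PasswordAuthentication yes
PermitRootLogin yes
MaxAuthTries 6'

# The same host after applying the advice in the comments (keys only).
HARDENED_CONFIG='Port 22
PasswordAuthentication no
KbdInteractiveAuthentication no
PubkeyAuthentication yes
PermitRootLogin no
MaxAuthTries 3'

# Finding counts for each sample (grep -c prints 0 on empty input, so keep || true).
weak_finding_count() { printf '%s\n' "$WEAK_CONFIG" | sshd_findings | grep -c . || true; }
hardened_finding_count() { printf '%s\n' "$HARDENED_CONFIG" | sshd_findings | grep -c . || true; }

# Stand-alone run: report on the weak sample.
printf '%s\n' "$WEAK_CONFIG" | sshd_findings
```

Pipe `sshd -T` into `sshd_findings` on a real host to see which of these settings are actually in effect rather than what the config file appears to say.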