It must be configured upon the first boot, or as you have said, preconfigured. Our templates set password upon the first boot.
пн, 23 нояб. 2020 г., 14:20 <rva...@privaz.io.invalid>: > Hi Ivan. > > I can imagine: If the template has the hability to re-set password, that > means, that there should not be any password pre-assigned, right? > > Which piece of code is responsible for password/key reset, is it > cloud-init? or is there any other involved part. > > I will try to workout a fix and report to the template owner. > > Regards, > Rafael > > On Mon, 2020-11-23 12:32 AM, Ivan Kudryavtsev <i...@bw-sw.com> wrote: > > Hi. It looks like an improperly crafted template, not a ACS issue. > > > > пн, 23 нояб. 2020 г., 02:18 Rafael del Valle " > target="_blank"><rva...@livelens.net.invalid>: > > > > > Hi Hean, > > > > > > Mystery solved. > > > > > > The template comes with Password Enabled in SSH server. And debian user > > > has a default password: "password". > > > > > > Assigning the SSH key only added the key, without disabling any other > > > thing. > > > > > > Regards, > > > Rafael > > > > > > > > > > > > > > > On Sun, 2020-11-22 03:38 PM, Hean Seng " target="_blank">< > heans...@gmail.com> wrote: > > > > Hi > > > > > > > > You did not change the password, and all using the default password ? > > > > > > > > On Sun, Nov 22, 2020 at 4:59 PM " > > > target="_blank">" target="_blank"><rva...@livelens.net.invalid> wrote: > > > > > > > > > Hi Community! > > > > > > > > > > Congratulations to the new committers. > > > > > > > > > > One VM in a test environment was infected by a brute force SSH > trojan. > > > > > > > > > > The OS is debian-9 , the template from openvm.eu > > > > > > > > > > It had only SSH (22) and iperf (5001) services running and > reachable > > > from > > > > > anywhere. > > > > > > > > > > I believe this article is related because of the tar file > > > (dota3.tar.gz) > > > > > that I found on the system: > > > > > > > > > > > > > > > > > > > https://ethicaldebuggers.com/outlaw-botnet-affects-more-than-20000-linux-servers/ > > > > > > > > > > I have a snapshot of the ROOT volume in case anybody is interested > to > > > > > review it. > > > > > > > > > > I suspect they got in via SSH, but I wonder how as only one KEY was > > > setup > > > > > (no password). I am trying to find out more information. > > > > > > > > > > Has anybody experienced this ? > > > > > > > > > > Regards, > > > > > Rafael > > > > > > > > > > > > > > > > > -- > > > > Regards, > > > > Hean Seng > > > > > >
