Possible Backdooring /etc/SSH/sshd_config.d/50-cloud-init.conf
It appears that Ubuntu is automatically generating a file in that directory, potentially creating a backdoor option for users who choose common default credentials, such as 'admin/admin.' This could inadvertently undermine attempts to enforce private key authentication by setting 'PasswordAuthentication no' in the main '/etc/ssh/sshd_config' file, as there might be an override active in that subdirectory /etc/ssh/sshd_config.d/ without the user's awareness. Please let me know if you encounter the same files and check your systems, I've got the suspicion that this is not a one time occurrence!
No comments yet.