After two months of going back and forth with digital ocean I just received a message today that they have deployed a fix so you may not be able to replicate the problem. My main concern is the not notifying customers of this behavior, most likely leaving many unaware and vulnerable. Even though they have fixed this issue which was being set via cloud init, it still leaves currently deployed servers with password authentication set to yes. So hopefully they will notify customers to check their ssh config and reset pass auth back to no.
Source: Gmail -> IFTTT-> Blogger
No comments:
Post a Comment