Ubuntu Server SSH configuration file help

These are my sshd_config file settings. I can connect to my server from my PC using a public key, but I can also connect from another PC with the password of the sudo user account. How can I make login possible only with a public key in SSH and SFTP? Thanks a lot.

    # This is the sshd server system-wide configuration file.  See
    # sshd_config(5) for more information.

    # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin

    # The strategy used for options in the default sshd_config shipped with
    # OpenSSH is to specify options with their default value where
    # possible, but leave them commented.  Uncommented options override the
    # default value.

    #Port 22
    #AddressFamily any
    #ListenAddress 0.0.0.0
    #ListenAddress ::

    #HostKey /etc/ssh/ssh_host_rsa_key
    #HostKey /etc/ssh/ssh_host_ecdsa_key
    #HostKey /etc/ssh/ssh_host_ed25519_key

    # Ciphers and keying
    #RekeyLimit default none

    # Logging
    #SyslogFacility AUTH
    #LogLevel INFO

    # Authentication:

    LoginGraceTime 1m
    PermitRootLogin without-password
    #StrictModes yes
    MaxAuthTries 3
    #MaxSessions 10

    PubkeyAuthentication yes

    # Expect .ssh/authorized_keys2 to be disregarded by default in future.
    #AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2

    #AuthorizedPrincipalsFile none

    #AuthorizedKeysCommand none
    #AuthorizedKeysCommandUser nobody

    # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
    #HostbasedAuthentication no
    # Change to yes if you don't trust ~/.ssh/known_hosts for
    # HostbasedAuthentication
    #IgnoreUserKnownHosts no
    # Don't read the user's ~/.rhosts and ~/.shosts files
    #IgnoreRhosts yes

    # To disable tunneled clear text passwords, change to no here!
    PasswordAuthentication no
    PermitEmptyPasswords no

    # Change to yes to enable challenge-response passwords (beware issues with
    # some PAM modules and threads)
    ChallengeResponseAuthentication no

    # Kerberos options
    #KerberosAuthentication no
    #KerberosOrLocalPasswd yes
    #KerberosTicketCleanup yes
    #KerberosGetAFSToken no

    # GSSAPI options
    #GSSAPIAuthentication no
    #GSSAPICleanupCredentials yes
    #GSSAPIStrictAcceptorCheck yes
    #GSSAPIKeyExchange no

    # Set this to 'yes' to enable PAM authentication, account processing,
    # and session processing. If this is enabled, PAM authentication will
    # be allowed through the ChallengeResponseAuthentication and
    # PasswordAuthentication.  Depending on your PAM configuration,
    # PAM authentication via ChallengeResponseAuthentication may bypass
    # the setting of "PermitRootLogin without-password".
    # If you just want the PAM account and session checks to run without
    # PAM authentication, then enable this but set PasswordAuthentication
    # and ChallengeResponseAuthentication to 'no'.
    UsePAM no

    #AllowAgentForwarding yes
    #AllowTcpForwarding yes
    #GatewayPorts no
    X11Forwarding yes
    #X11DisplayOffset 10
    #X11UseLocalhost yes
    #PermitTTY yes
    PrintMotd no
    #PrintLastLog yes
    #TCPKeepAlive yes
    #UseLogin no
    #PermitUserEnvironment no
    #Compression delayed
    #ClientAliveInterval 0
    #ClientAliveCountMax 3
    #UseDNS no
    #PidFile /var/run/sshd.pid
    #MaxStartups 10:30:100
    #PermitTunnel no
    #ChrootDirectory none
    #VersionAddendum none

    # no default banner path
    #Banner none

    # Allow client to pass locale environment variables
    AcceptEnv LANG LC_*

    # override default of no subsystems
    Subsystem   sftp    /usr/lib/openssh/sftp-server

    # Example of overriding settings on a per-user basis
    #Match User anoncvs
    #   X11Forwarding no
    #   AllowTcpForwarding no
    #   PermitTTY no
    #   ForceCommand cvs server
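One way to audit a config like the one above for settings that still let a password be accepted, as an added example that is not part of the original post. It applies sshd's rule that the first value obtained for a keyword wins, and reports Match blocks and Include lines that can change the result; the sample text, the function name and the assumption of upstream OpenSSH defaults are constructed for illustration.

```python
# Added example: audit sshd_config text for ways a password can still be accepted.
# Upstream OpenSSH defaults used when a keyword is absent (assumption: unpatched build).
DEFAULTS = {"passwordauthentication": "yes",
            "kbdinteractiveauthentication": "yes",
            "usepam": "no"}
# ChallengeResponseAuthentication is the older name for KbdInteractiveAuthentication.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

# Constructed sample, not the poster's file.
SAMPLE = """\
Include /etc/ssh/sshd_config.d/*.conf
PasswordAuthentication no
PasswordAuthentication yes
ChallengeResponseAuthentication no
UsePAM no
Match User backup
    PasswordAuthentication yes
"""


def audit(config_text):
    """Return (effective_global, findings) for the password-related keywords."""
    effective, findings, match = {}, [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        value = parts[1].strip() if len(parts) > 1 else ""
        arg = value.split()[0].lower() if value else ""
        if key == "match":
            match = value  # following lines apply only to this Match block
        elif key == "include":
            findings.append(f"Include {value}: audit those files too")
        elif key in DEFAULTS:
            if match is None:
                effective.setdefault(key, arg)  # first value obtained wins
            elif key != "usepam" and arg == "yes":
                findings.append(f"Match {match}: {parts[0]} yes")
    for key, default in DEFAULTS.items():
        effective.setdefault(key, default)
    for key in ("passwordauthentication", "kbdinteractiveauthentication"):
        if effective[key] == "yes":
            findings.append(f"global {key} is yes")
    return effective, findings


if __name__ == "__main__":
    print(audit(SAMPLE))
```

On a live server, `sshd -T` prints the effective configuration after includes and defaults have been applied, and a changed file only takes effect once sshd has reloaded it.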

How detectable is malicious code run by programs that download and then install the main file?

There are many programs (free or otherwise) where the user is asked to download a small installer file, which may display the EULA to the user or do some other user registration, which then downloads the latest version of the main program (much larger, and often consists of many files) to install the software.

There are many instances where this is legitimate, and it seems to be popular with mainstream software packages like Adobe or Microsoft products, and it makes sense to use this approach to handle the installation of software. But if I download a 15MB installer program for some audio processing program and scan it on VirusTotal and it says nothing is detected, but then when I run it the program says it needs to download 150MB, it completely avoids the detection, doesn’t it?

The downloaded software may even be different each time, and likely will be because of version changes and updates.

So I should then scan the newly downloaded files before running them, shouldn’t I?

Is it common for programs to be set up so that they download a malicious file from a server and then run it within its own program? And does that get detected as malicious?

Why is a host making requests for a WPAD file from an external location?

In the NGFW logs of my customer, I noticed requests to [REDACTED]/wpad.dat being made. The destination domain is registered on an external IP not related to the customer, and the user agent suggests that Windows AutoProxy is used. I was able to download the wpad file myself and inspect its contents:

    function FindProxyForURL(url, host)
    {
        return "DIRECT";
    }

If I understand correctly, the traffic is not routed through any rogue proxy server for it to be a WPAD attack.

I’m trying to figure out what could have caused this traffic to take place to begin with? “Internet settings” changes (made by e.g. malware) on the hosts? And are there any other risks related to this traffic, aside from the fact that the wpad file can be changed by the server owner?

Improve SEO by forcing web crawlers to read csv file searching for keywords

I am trying to improve the SEO of my website and I recently used an online SEO tester for my first custom-coded website.

I am trying to improve the number of unique keywords and textual content crawled and I’m hoping to use the .csv file I created for the plotly.js sunburst. I followed this example https://plot.ly/javascript/sunburst-charts/#large-number-of-slices.

Right now I think the best way to allow access to the .csv would be using the robots.txt file, but I have not been able to confirm that approach will help. I’m new to the web development world, so I apologize if the question is primitive. Any help is appreciated.

Modifying host file versus firewall

I am trying to protect a macOS computer. Specifically, I want to prevent the machine from making unwanted connections over the internet. I am aware of firewalls, of course. But I stumbled upon the idea of adding many domain names to /etc/hosts and redirecting them to 0.0.0.0 to prevent connections to them.

Is this method safe? I can see it does not prevent connecting directly to an IP. Would most malware be fooled by such a hosts configuration, or would they likely use an IP address directly, or not honour the /hosts file?

How should I compare using a firewall versus using the /etc/hosts file? I guess the more low-level, the harder it is for malware to get around. So which method is lowest level?

Theoretically, if you know the hash of a program one intends to install and you generate another file that hashes to that value, what could you do?


If I know the hash of a program you intend to install is d306c9f6c5…, if I generate some other file that hashes to that value, I could wreak all sorts of havoc. – from https://nakamoto.com/hash-functions/

Theoretically, if you know the hash of a program one intends to install and you generate another file that hashes to that value, what could you do?

How to unencrypt a file in Windows 10? [closed]

I had decided to encrypt a folder on my hard drive. This is what I did:

1. Right-clicked on my folder and selected Properties.
2. Clicked on the “Advanced” button.
3. Checked the “encrypt contents to secure data” box, then clicked on the “Apply” button.
4. Selected “Apply to folder, subfolders and files”, then “OK”.

The process began, but in the middle of it I canceled the process. But the name of the folder and a subfolder changed to green. I tried to change it by going through the same process and deselecting the “encrypt contents to secure data” box, but it doesn’t work. What should I do?

Interpret the CPU usage in SQL trace file

During our performance evaluation, we ran one load simulation with SQL trace on. While analyzing the trace file, I want to calculate the CPU usage. How do I do it? (Please refer to the screenshot attached.)

So for the physical read, we observed a CPU spike but don’t know how to interpret it.

The value shown: for 53,682,888 reads, the CPU utilized is 1,254,911. Is it in microseconds or in cycles?

File size and screen recording

First and foremost, I would like an academic reference on how screen recording “works.” I have tried searching online, but I only get results for the software itself.

Exactly how does screen recording work, and to what extent does the content one records affect file size? For instance, if I were to record my screen playing an (x) resolution video, would the final output size be proportionally larger? Why or why not?

If this question is closed, please, I would appreciate a reference, or a better way to phrase it (or a referral to a more appropriate sub-forum). Thanks.