It probably doesn’t belong to the group. Disabling password logins is good. That means ONLY authorized key auth is enabled or ldap/ad/domain. I should check out the sshd.conf before I talk out of my ass about what it should do…
It’s just one of those spidey-senses that goes off when there’s a default user, a read-only filesystem, and internet enabled *nix
It’s just one of those spidey-senses that goes off when there’s a default user, a read-only filesystem, and internet enabled *nix