been using only root account system compromized 502

Thanks for the answer. I found out that the PermitRootLogin line was commented out and that UsePAM was enabled. I attach a copy of the file below for information. (I disabled the sshd service)

# $OpenBSD: sshdconfig,v 1.70 2004-12-23 23:11:00 djm Exp $

# This is the sshd server system-wide configuration file. See # sshdconfig(5) for more information.

# This sshd was compiled with PATH=-usr-bin:-bin:-usr-sbin:-sbin

# The strategy used for options in the default sshdconfig shipped with # OpenSSH is to specify options with their default value where # possible, but leave them commented. Uncommented options change a # default value.

#Port 22 #Protocol 2,1 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress ::

# HostKey for protocol version 1 #HostKeyetc-ssh-sshhostkey # HostKeys for protocol version 2 #HostKeyetc-ssh-sshhostrsakey #HostKeyetc-ssh-sshhostdsakey

# Lifetime and size of ephemeral version 1 server key #KeyRegenerationInterval 1h #ServerKeyBits 768

# Logging #obsoletes QuietMode and FascistLogging #SyslogFacility AUTH #LogLevel INFO

# Authentication:

#LoginGraceTime 2m #PermitRootLogin yes #StrictModes yes #MaxAuthTries 6

#RSAAuthentication yes #PubkeyAuthentication yes #AuthorizedKeysFile .ssh-authorizedkeys

# For this to work you will also need host keys inetc-ssh-sshknownhosts #RhostsRSAAuthentication no # similar for protocol version 2 #HostbasedAuthentication no # Change to yes if you don't trust ~-.ssh-knownhosts for # RhostsRSAAuthentication and HostbasedAuthentication #IgnoreUserKnownHosts no # Don't read the user's ~-.rhosts and ~-.shosts files #IgnoreRhosts yes

# To disable tunneled clear text pbuttwords, change to no here! PbuttwordAuthentication no #PermitEmptyPbuttwords no

# Change to no to disable s-key pbuttwords #ChallengeResponseAuthentication yes

# Kerberos options #KerberosAuthentication no #KerberosOrLocalPbuttwd yes #KerberosTicketCleanup yes #KerberosGetAFSToken no

# GSSAPI options #GSSAPIAuthentication no #GSSAPICleanupCredentials yes

# Set this to 'yes' to enable support for the deprecated 'gssapi' authentication # mechanism to OpenSSH 3.8p1. The newer 'gssapi-with-mic' mechanism is included # in this release. The use of 'gssapi' is deprecated due to the presence of # potential man-in-the-middle attacks, which 'gssapi-with-mic' is not susceptible to. #GSSAPIEnableMITMAttack no

# Set this to 'yes' to enable PAM authentication, account processing, # and session processing. If this is enabled, PAM authentication will # be allowed through the ChallengeResponseAuthentication mechanism. # Depending on your PAM configuration, this may bypbutt the setting of # PbuttwordAuthentication, PermitEmptyPbuttwords, and # "PermitRootLogin without-pbuttword". If you just want the PAM account and # session checks to run without PAM authentication, then enable this but set # ChallengeResponseAuthentication=no UsePAM yes

#AllowTcpForwarding yes #GatewayPorts no X11Forwarding yes #X11DisplayOffset 10 #X11UseLocalhost yes #PrintMotd yes #PrintLastLog yes #TCPKeepAlive yes #UseLogin no #UsePrivilegeSeparation yes #PermitUserEnvironment no #Compression yes #ClientAliveInterval 0 #ClientAliveCountMax 3 #UseDNS yes #PidFilevar-run-sshd.pid #MaxStartups 10

# no default banner path #Bannersome-path

# override default of no subsystems Subsystem sftp usr-lib-ssh-sftp-server

# This enables accepting locale enviroment variables LC* LANG, see sshdconfig(5). AcceptEnv LANG LCCTYPE LCNUMERIC LCTIME LCCOLLATE LCMONETARY LCMESSAGES AcceptEnv LCPAPER LCNAME LCADDRESS LCTELEPHONE LCMEASUREMENT AcceptEnv LCIDENTIFICATION LCALL