I had an unwanted visitor on my Proxmox server a couple days ago, and I couldn't find any clear way to log them out of the panel after I changed the passwords, so is there a way to just invalidate all the session tokens, and log everyone currently logged in, out?
Log out all currently logged-in users
- Thread starter youseemeroller2100
- Start date
-
- Tags
- auth authentication pve
you can remove the authkey used for ticket signing (
note that there are more secrets that you probably also want to rotate:
- any API token secrets, @pam or @pve passwords
- TFA secrets
- corosync auth key in case this was a cluster
- root SSH key and host keys
- TLS certs/keys
- storage credentials
- ..
and that just covers the host side, depending on what kind of access your attacker had you might also want to restore guests from a pre-exploit backup on a clean system..
rm /etc/pve/authkey.pub /etc/pve/authkey.pub.old /etc/pve/priv/authkey.key), that will invalidate all existing session tickets and the next login flow or pvestatd cycle should generate a new one.note that there are more secrets that you probably also want to rotate:
- any API token secrets, @pam or @pve passwords
- TFA secrets
- corosync auth key in case this was a cluster
- root SSH key and host keys
- TLS certs/keys
- storage credentials
- ..
and that just covers the host side, depending on what kind of access your attacker had you might also want to restore guests from a pre-exploit backup on a clean system..
