In there you are almost telling people that security through obscurity is a
good way.
That might sometimes be true but in this case it could mean that you would be
handing passwords and other data out.
When you start SSH on port 22 it is done with root privileges because the root
user is the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 10/02/2014 03:45 PM, Theodor Sigurjon Andresson wrote:
In there you are almost telling people that security through
obscurity is a good way. That might sometimes be true but in this
case it could mean that you would be handing passwords and
: [CentOS-docs] Securing SSH -- Change ports
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 10/02/2014 03:45 PM, Theodor Sigurjon Andresson wrote:
In there you are almost telling people that security through
obscurity is a good way. That might sometimes be true but in this
case it could mean
The context for ssh !22 is about what others could/would do to a ssh
daemon. This includes script kiddies or some zero day exploit trolling for
*easy* targets. If you have someone creating a listener on the server, you
have an entirely different issue. How often do you randomly connect to some
.
From: centos-docs-boun...@centos.org [centos-docs-boun...@centos.org] on behalf
of PJ Welsh [pjwe...@gmail.com]
Sent: Thursday, October 02, 2014 23:49
To: Mail list for wiki articles
Subject: Re: [CentOS-docs] Securing SSH -- Change ports
The context for ssh !22 is about what
On 10/03/2014 04:17 AM, Theodor Sigurjon Andresson wrote:
Yes, when securing your services you*layer* defenses that could include using
STO. But when STO is set up in a wrong way it can lead to a security issue. It
isn't good to protect your services to slow down or prevent an attack by
.
- - Karsten
From:
centos-docs-boun...@centos.org [centos-docs-boun...@centos.org] on
behalf of Karsten Wade [kw...@redhat.com] Sent: Thursday, October
02, 2014 22:49 To: centos-docs@centos.org Subject: Re:
[CentOS-docs] Securing SSH -- Change ports
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 10/02/2014 09:11 PM, Manuel Wolfshant wrote:
Incidentally I am a fan of using iptables (recent match) to limit
the number of admissible attempts from any given IP to connect to
sshd ( yes, I know, it has nothing to do with the initial concern