[CentOS-docs] Securing SSH -- Change ports

2014-10-02 Thread Theodor Sigurjon Andresson
In there you are almost telling people that security through obscurity is a good way. That might sometimes be true but in this case it could mean that you would be handing passwords and other data out. When you start SSH on port 22 it is done with root privileges because the root user is the

Re: [CentOS-docs] Securing SSH -- Change ports

2014-10-02 Thread Karsten Wade
On 10/02/2014 03:45 PM, Theodor Sigurjon Andresson wrote: In there you are almost telling people that security through obscurity is a good way. That might sometimes be true but in this case it could mean that you would be handing passwords and

Re: [CentOS-docs] Securing SSH -- Change ports

2014-10-02 Thread Theodor Sigurjon Andresson
: [CentOS-docs] Securing SSH -- Change ports On 10/02/2014 03:45 PM, Theodor Sigurjon Andresson wrote: In there you are almost telling people that security through obscurity is a good way. That might sometimes be true but in this case it could mean

Re: [CentOS-docs] Securing SSH -- Change ports

2014-10-02 Thread PJ Welsh
The context for ssh !22 is about what others could/would do to a ssh daemon. This includes script kiddies or some zero day exploit trolling for *easy* targets. If you have someone creating a listener on the server, you have an entirely different issue. How often do you randomly connect to some

Re: [CentOS-docs] Securing SSH -- Change ports

2014-10-02 Thread Theodor Sigurjon Andresson
. From: centos-docs-boun...@centos.org [centos-docs-boun...@centos.org] on behalf of PJ Welsh [pjwe...@gmail.com] Sent: Thursday, October 02, 2014 23:49 To: Mail list for wiki articles Subject: Re: [CentOS-docs] Securing SSH -- Change ports The context for ssh !22 is about what

Re: [CentOS-docs] Securing SSH -- Change ports

2014-10-02 Thread Manuel Wolfshant
On 10/03/2014 04:17 AM, Theodor Sigurjon Andresson wrote: Yes, when securing your services you *layer* defenses that could include using STO. But when STO is set up in a wrong way it can lead to a security issue. It isn't good to protect your services to slow down or prevent an attack by

Re: [CentOS-docs] Securing SSH -- Change ports

2014-10-02 Thread Karsten Wade
. - - Karsten From: centos-docs-boun...@centos.org [centos-docs-boun...@centos.org] on behalf of Karsten Wade [kw...@redhat.com] Sent: Thursday, October 02, 2014 22:49 To: centos-docs@centos.org Subject: Re: [CentOS-docs] Securing SSH -- Change ports

Re: [CentOS-docs] Securing SSH -- Change ports

2014-10-02 Thread Karsten Wade
On 10/02/2014 09:11 PM, Manuel Wolfshant wrote: Incidentally I am a fan of using iptables (recent match) to limit the number of admissible attempts from any given IP to connect to sshd (yes, I know, it has nothing to do with the initial concern