> On 22 Dec 2017, at 13:32, Sebastian <[email protected]> wrote:
> 
> On 12/22/2017 01:02 PM, Alice Wonder wrote:
>> On 12/22/2017 03:57 AM, Torge Riedel wrote:
>>> Maybe there is one hint to offer in the guide: Change the port of sshd
>>> to something other than 22. I observed a massive reduction of sshd attacks
>>> on my servers after changing the port.
>> 
>> Indeed, that's fairly standard. Wasn't aware it wasn't in the guide.
> Because it's not cryptography.

+1

This discussion regularly comes up in GitHub PRs as well. If you use passwords 
so weak that there is a real possibility that they can be brute-forced, you should 
review your password policy, probably switch to using only keys, et cetera. If 
you don't care for a lot of entries in your logfiles on possible attackers (I 
think that's potentially valuable when doing e.g. forensics on a machine) you can 
use simple filters, fail2ban or other tools. There's no real security in 
changing the ssh standard port. Most attackers that scan also scan ports that 
are regularly used as alternatives '222..'

Aaron
