On Thu, May 15, 2008 at 9:58 AM, kenta <[EMAIL PROTECTED]> wrote:
> Bind ssh to two ports: 22 and a non standard port
> In my firewall rules I specifically allow certain IP's to connect to port 22.

One variant of that strategy is to run the real SSH on some non-standard port, and then run a sentry on 22, so that anyone trying to connect to 22 is automatically blacklisted. For the truly paranoid, use port-knocking and a non-standard SSH port. And, of course, monitor the firewall logs, so that anyone probing other ports, or anyone probing the non-standard SSH port without knocking first, gets blacklisted.

I'm content with running SSH on a non-standard port, and if at all feasible, requiring public keys (no passwords). The non-standard port seems to stop pretty much all the stuff commonly found in the wild. (A specifically targeted attack would use a port scan, of course, but that would at least stand out in the logs.)

And, of course, if you're running Debian or Ubuntu, regenerate all your keypairs... :-(

-- Ben
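The "sentry on 22 plus log monitoring" policy from the thread, as an added example that is not part of the original post: it parses firewall LOG lines, keeps port 22 as a sentry that only an allowlist of addresses may touch (kenta's rule), and flags any other source that hits 22 or probes a port the host does not serve. The constructed log lines, the allowlist 203.0.113.0/24, the real sshd port 2222 and the set of served ports are all assumptions for the example; the LOG line layout follows the common netfilter `SRC=/DST=/PROTO=/DPT=` format.

```python
"""Build a blocklist from firewall LOG lines, mirroring the policy in the thread:
real sshd on a non-standard port, port 22 kept as a sentry, an allowlist of
addresses that may still use 22, everyone else who touches 22 or probes a
closed port gets blacklisted."""
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

SSH_PORT = 2222                                  # assumed non-standard sshd port
SENTRY_PORT = 22                                 # the sentry/honeypot port
ALLOWED_ON_22 = [ip_network("203.0.113.0/24")]   # constructed allowlist (kenta's rule)
SERVICE_PORTS = {SSH_PORT, 80, 443}              # assumed ports the host really serves

# Matches the SRC/DST/PROTO/DPT fields netfilter's LOG target writes to the kernel log.
LOG_RE = re.compile(
    r"SRC=(?P<src>\d+\.\d+\.\d+\.\d+) DST=\S+ .*?PROTO=TCP SPT=\d+ DPT=(?P<dpt>\d+)"
)

# Constructed sample log lines (RFC 5737 documentation addresses).
SAMPLE_LOG = """\
May 15 10:01:02 host kernel: FW-IN: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=64 PROTO=TCP SPT=51000 DPT=22 SYN
May 15 10:01:05 host kernel: FW-IN: IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40001 DPT=22 SYN
May 15 10:01:06 host kernel: FW-IN: IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40002 DPT=23 SYN
May 15 10:02:00 host kernel: FW-IN: IN=eth0 OUT= SRC=198.51.100.77 DST=192.0.2.10 LEN=60 TTL=48 PROTO=TCP SPT=33000 DPT=443 SYN
May 15 10:02:10 host kernel: FW-IN: IN=eth0 OUT= SRC=198.51.100.90 DST=192.0.2.10 LEN=60 TTL=57 PROTO=TCP SPT=33001 DPT=3389 SYN
May 15 10:02:11 host kernel: FW-IN: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=64 PROTO=TCP SPT=51001 DPT=2222 SYN
"""


def classify(src: str, dpt: int):
    """Return a reason string if a packet from src to port dpt should blacklist src, else None."""
    addr = ip_address(src)
    if dpt == SENTRY_PORT:
        # Only allowlisted addresses may touch 22; anyone else tripped the sentry.
        if any(addr in net for net in ALLOWED_ON_22):
            return None
        return "hit sentry port 22 from a non-allowlisted address"
    if dpt not in SERVICE_PORTS:
        # The host serves nothing here, so this is a probe, not a client.
        return f"probed closed port {dpt}"
    return None


def build_blocklist(log_text: str) -> dict:
    """Map each offending source address to the list of reasons it was flagged."""
    reasons = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue                       # not a firewall LOG line; ignore
        reason = classify(m["src"], int(m["dpt"]))
        if reason:
            reasons[m["src"]].append(reason)
    return dict(reasons)


def drop_rules(blocklist: dict) -> list:
    """Render the blocklist as iptables DROP rules (returned as strings, not executed)."""
    return [f"iptables -I INPUT -s {src} -j DROP" for src in sorted(blocklist)]


if __name__ == "__main__":
    flagged = build_blocklist(SAMPLE_LOG)
    for src, why in flagged.items():
        print(src, "->", "; ".join(why))
    print("\n".join(drop_rules(flagged)))
```

On the constructed input, 203.0.113.7 is left alone (allowlisted on 22, and 2222 is a served port), while 198.51.100.23 is flagged twice (sentry hit, then a probe of 23) and 198.51.100.90 once for 3389. A real deployment would feed the script from the kernel log and apply the rules with an expiry, so a single stray connection does not lock out an address forever.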