On 6/21/2010 8:42 PM, Bill Sconce wrote:
> On Mon, 21 Jun 2010 11:05:18 -0400
> Chip Marshall <c...@2bithacker.net> wrote
>> On 21-Jun-2010, Bill Sconce <sco...@in-spec-inc.com> sent:
>>
>>> START WITH NEVER EXPOSING SSHD ON PORT 22.
>>>
>> You don't secure your house by hiding the door, you secure it by
>> having good locks.
>>
> I couldn't agree more. The idea is to cut down on the scratching
> and rattling noises as every script kiddie in Romania bashes on your
> door on the chance it might be unlatched. Noise is annoying; it's
> hard to see why anyone would recommend that you have to put up with
> it. (Nevertheless, if you like port 22, use port 22.)
>
> I hope I didn't give the impression that moving off port 22 is the
> only thing I recommend, or do.
>

When I had 26,000 SSH door rattlings, on one server, in one day, I moved from port 22 on almost every device we administer. The logs were so full of door rattlings that real warnings could get lost. I have never had another SSH probe since. They really must be script kiddies: no port scans to identify alternate SSH ports. As I can limit most SSH connections to a limited pool of originating IPs, I do that too. If possible, we only use SSH keys, no password logins. No root logins. Protocol 2 only, etc. Of course, no remote access unless it is needed. Like any security, the more layers the better.
-- 
Dan Jenkins, Rastech Inc., Bedford, NH, USA, 1-603-206-9951
*** Technical Support Excellence for four decades.

_______________________________________________
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
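As an added example (not code from the thread or from any of its participants), here is a small POSIX-shell audit that checks an sshd_config for the layers Dan lists: off port 22, protocol 2 only, no root login, keys instead of passwords, and a restricted pool of originating addresses. It also checks ChallengeResponseAuthentication, because with PAM a daemon can keep prompting for passwords through keyboard-interactive even after PasswordAuthentication is off. The two sample configs, the user names and the addresses are constructed for the example; the fallback defaults passed to ssh_opt are the stock OpenSSH 5.x defaults.

```shell
#!/bin/sh
# Added example, not code from the thread: audit an sshd_config against the
# settings listed in the post. Emits one "WEAK: ..." line per finding and
# nothing at all for a file that passes every check.

# Look up a keyword the way sshd does: first non-comment occurrence wins and
# keywords are case-insensitive. An absent keyword yields the default in $3
# (assumed here to be the stock OpenSSH 5.x default for that keyword).
ssh_opt() {
    val=$(awk -v key="$2" 'tolower($1) == tolower(key) { print $2; exit }' "$1")
    if [ -n "$val" ]; then printf '%s\n' "$val"; else printf '%s\n' "$3"; fi
}

audit_sshd_config() {
    f="$1"
    [ "$(ssh_opt "$f" Port 22)" = 22 ] &&
        echo "WEAK: sshd listens on port 22 (every scanner's first guess)"
    case "$(ssh_opt "$f" Protocol 2)" in
        *1*) echo "WEAK: SSH protocol 1 still enabled" ;;
    esac
    [ "$(ssh_opt "$f" PermitRootLogin yes)" != no ] &&
        echo "WEAK: PermitRootLogin is not 'no'"
    [ "$(ssh_opt "$f" PasswordAuthentication yes)" != no ] &&
        echo "WEAK: PasswordAuthentication is not 'no'"
    # With PAM, keyboard-interactive can still ask for a password even when
    # PasswordAuthentication is off, so this one has to be off as well.
    [ "$(ssh_opt "$f" ChallengeResponseAuthentication yes)" != no ] &&
        echo "WEAK: ChallengeResponseAuthentication is not 'no' (PAM password prompts)"
    [ "$(ssh_opt "$f" PubkeyAuthentication yes)" = no ] &&
        echo "WEAK: PubkeyAuthentication disabled"
    # Source restriction inside sshd: a "Match Address" block or user@host
    # patterns in AllowUsers. Absence only matters if the firewall is not
    # already limiting who can reach the port.
    grep -Eiq '^[[:space:]]*(Match[[:space:]]+Address|AllowUsers[[:space:]]+.*@)' "$f" ||
        echo "WEAK: no originating-address restriction in sshd_config (fine only if the firewall does it)"
    return 0
}

# Constructed sample configs, not taken from any real host. The weak one just
# spells out the stock defaults; the hardened one is the layered setup from
# the post, with made-up users and addresses from the documentation ranges.
make_sample_configs() {
    dir=$(mktemp -d)
    WEAK_CONF="$dir/sshd_config.weak"
    HARD_CONF="$dir/sshd_config.hardened"
    cat >"$WEAK_CONF" <<'EOF'
Port 22
Protocol 2,1
PermitRootLogin yes
PasswordAuthentication yes
EOF
    cat >"$HARD_CONF" <<'EOF'
# Hypothetical hardened config
Port 2222
Protocol 2
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
AllowUsers admin@192.0.2.* backup@198.51.100.7
EOF
}

make_sample_configs
echo "== $WEAK_CONF"
audit_sshd_config "$WEAK_CONF"
echo "== $HARD_CONF"
audit_sshd_config "$HARD_CONF"
```

The weak file produces six findings (port, protocol 1, root login, password auth, challenge-response left at its default, and no address restriction); the hardened file produces none. Two caveats for use on a live host: ssh_opt reads the file top to bottom and does not understand Match blocks, so feed it the output of `sshd -T`, which prints the effective configuration with every keyword resolved, rather than the raw file; and the Protocol keyword disappeared along with protocol 1 in later OpenSSH releases, so that check is only meaningful for older daemons.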