<quote name="=?ISO-8859-1?Q?Alberto_Trevi=F1o_" date="Fri, 1 Aug 2008 at 08:43 -0600">
> groups as necessary) is also recommended. And, of course, using a port
> other than 22 is a Good Thing, especially a port above 10000 (like 37422)
> since hardly anyone will probe those ports on a fast port scan.
I'm sorry I started such a controversy here, and I'll try to be tactful here. Here again you call changing the ssh port a "Good Thing" like it's some magical security dust that makes things more secure. I'm simply warning that it probably doesn't add as much security as you might think.

If you're getting thousands upon thousands of botted ssh attacks _and_ you have a weak password, you're in trouble. You can change the port but that won't fix your password. Someone will eventually find your changed port and crack your weak password. If you have strong passwords you shouldn't need to worry about those thousands of attacks, lest it be for load concerns. If you disable passwords completely, all those scripted attacks fall flat on their faces without so much as a shrug on your server's end, _and_ you really are more secure in the end.

Thus, the only legitimate reason I see to change the ssh port is to avoid excessive load where disabling passwords is not an option, and even then there are better solutions that have already been alluded to in this thread.

Don't take this as insulting your intelligence, rather take it as friendly advice. If you like typing extra port numbers when you ssh, well, be my guest, but please don't let your port obscurity lull you into being more lax on your passwords.

Von Fugal
--------------------
BYU Unix Users Group
http://uug.byu.edu/

The opinions expressed in this message are the responsibility of their author. They are not endorsed by BYU, the BYU CS Department or BYU-UUG.
___________________________________________________________________
List Info: http://uug.byu.edu/mailman/listinfo/uug-list
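An added example, not part of the original message or thread: a small checker that reads sshd_config text and separates "port moved but passwords still accepted" from "passwords disabled", the distinction the reply above draws. The sample configs are constructed, the result labels are hypothetical, and the parser is a simplification that reads only the global section (it stops at the first Match block) and assumes keyboard-interactive authentication is a password path.

```python
# Added example: simplified sshd_config reader; sample configs below are constructed.
# sshd defaults assumed here: port 22, password and keyboard-interactive auth enabled.
DEFAULTS = {"passwordauthentication": "yes", "kbdinteractiveauthentication": "yes"}
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def effective_settings(config_text):
    """Global settings: every Port line counts, other keywords use the first value seen."""
    ports, seen = [], {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        if key == "match":
            break  # conditional blocks are out of scope for this sketch
        if len(parts) < 2:
            continue
        if key == "port":
            ports.append(parts[1])
        elif key in DEFAULTS and key not in seen:
            seen[key] = parts[1].lower()  # later duplicates are ignored by sshd
    return {"ports": ports or ["22"], **DEFAULTS, **seen}

def assess(config_text):
    """Hypothetical labels: 'keys-only', 'password-exposed' or 'obscured-only'."""
    s = effective_settings(config_text)
    password_logins = "yes" in (s["passwordauthentication"],
                                s["kbdinteractiveauthentication"])
    if not password_logins:
        return "keys-only"
    # A moved port changes who finds the service, not what a guessed password unlocks.
    return "obscured-only" if "22" not in s["ports"] else "password-exposed"

MOVED_PORT = "Port 37422\nPasswordAuthentication yes\n"
KEYS_ONLY = ("# default port kept\nPasswordAuthentication no\n"
             "KbdInteractiveAuthentication no\nPubkeyAuthentication yes\n")
# The second PasswordAuthentication line never takes effect: the first value wins.
DUPLICATE = ("PasswordAuthentication yes\nPort 37422\n"
             "PasswordAuthentication no\nChallengeResponseAuthentication no\n")

if __name__ == "__main__":
    for name, cfg in [("moved port", MOVED_PORT), ("keys only", KEYS_ONLY),
                      ("duplicate keyword", DUPLICATE)]:
        print(f"{name}: {assess(cfg)}")
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative source; this sketch only works from the file text.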
