
Re: [LUG] Why you should not have ssh on port 22.

 

Thanks for posting that, Dan.

The point about root privs is an excellent one and one I had not considered before.

On 10 February 2015 at 13:22, Dan <benthad@xxxxxxxxx> wrote:
Interesting article on this subject here:

https://www.adayinthelifeof.nl/2012/03/12/why-putting-ssh-on-another-port-than-22-is-bad-idea/

On 10 February 2015 at 09:32, Simon Waters <simon@xxxxxxxxxxxxxx> wrote:
> The issue with the default SSH config in most distros is that it is: anyone,
> anywhere, to any user, any number of times.
>
> I usually whitelist users (to the ones where I choose the passwords)
> I usually restrict access to IP addresses I control.
> Where I don't restrict access I apply a second factor (TOTP).
> I either fail2ban or log attempts (and read the logs).
>
> I don't change port, I don't always stop root login, I don't always insist
> on just keys.
>
> There are multiple ways to harden SSH, restricting which IPs, or which
> users, or how many times, all help limit the success of brute force attacks.
> Using keys or strong passwords also stops more targeted attacks when the
> IP can be spoofed and where obscuring the port no longer helps.
>
> As such I see nothing wrong with changing the port other than it is annoying
> to always specify it, but whilst it might reduce the chance of brute force
> success, it shouldn't be reducing it significantly.
>
>
> --
> The Mailing List for the Devon & Cornwall LUG
> http://mailman.dclug.org.uk/listinfo/list
> FAQ: http://www.dcglug.org.uk/listfaq
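
Added example, not part of the thread or written by any of its posters: a small log reader for the "log attempts (and read the logs)" approach, showing how failed sshd logins line up against the three limits Simon lists (which IPs, which users, how many times). The log lines, the user name `alice`, the addresses and the `max_retry` threshold are all constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in OpenSSH's syslog format (not taken from the thread).
SAMPLE_LOG = """\
Feb 10 09:01:12 host sshd[2101]: Failed password for root from 198.51.100.7 port 51812 ssh2
Feb 10 09:01:15 host sshd[2101]: Failed password for invalid user admin from 198.51.100.7 port 51813 ssh2
Feb 10 09:01:19 host sshd[2102]: Failed password for root from 198.51.100.7 port 51820 ssh2
Feb 10 09:02:40 host sshd[2110]: Failed password for alice from 203.0.113.10 port 40022 ssh2
Feb 10 09:02:51 host sshd[2110]: Accepted password for alice from 203.0.113.10 port 40022 ssh2
Feb 10 09:03:05 host sshd[2120]: Failed password for invalid user test from 192.0.2.44 port 33001 ssh2
"""

# The "port" in these lines is the client's source port, not the port sshd listens on.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def summarise(log_text, allowed_users, trusted_ips, max_retry=3):
    """Return (ips_to_ban, unlisted_users, untrusted_sources) for failed logins."""
    per_ip = Counter()
    users_by_ip = defaultdict(set)
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        per_ip[m["ip"]] += 1
        users_by_ip[m["ip"]].add(m["user"])
    # "How many times": sources at or over the retry limit, as a ban list.
    # Trusted addresses are exempt, like an ignore list in a banning tool.
    to_ban = sorted(ip for ip, n in per_ip.items()
                    if n >= max_retry and ip not in trusted_ips)
    # "Which users": guessed names that a user whitelist would reject outright.
    tried = {u for names in users_by_ip.values() for u in names}
    unlisted = sorted(tried - set(allowed_users))
    # "Which IPs": failing sources an address restriction would never admit.
    untrusted = sorted(ip for ip in per_ip if ip not in trusted_ips)
    return to_ban, unlisted, untrusted

if __name__ == "__main__":
    ban, users, sources = summarise(SAMPLE_LOG, {"alice"}, {"203.0.113.10"})
    print("ban:", ban)
    print("guessed names outside the whitelist:", users)
    print("failing sources outside the IP allow-list:", sources)
```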
