
Re: [LUG] Why you should not have ssh on port 22.

The issue with the default SSH config in most distros is that it is: anyone, anywhere, to any user, any number of times.

I usually whitelist users (to the ones where I choose the passwords).
I usually restrict access to IP addresses I control.
Where I don't restrict access I apply a second factor (TOTP).
I either fail2ban or log attempts (and read the logs).

I don't change port, I don't always stop root login, I don't always insist on just keys.

There are multiple ways to harden SSH; restricting which IPs, or which users, or how many times all help limit the success of brute force attacks. Using keys or strong passwords also stops more targeted attacks where the IP can be spoofed and obscuring the port no longer helps.

As such I see nothing wrong with changing the port other than that it is annoying to always specify it, but whilst it might reduce the chance of brute force success, it shouldn't be reducing it significantly.

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq
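As an added example, not part of the original post: a Python check that reads sshd auth log lines against the three layers the poster describes (a user whitelist, allowed source networks, and a failed-attempt threshold of the kind a fail2ban jail enforces). The log lines, user list and networks are constructed for the example.

```python
import ipaddress
import re
from collections import Counter

# Constructed sshd auth log lines in the standard sshd format (not from a real host).
SAMPLE_LOG = """\
Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Failed password for root from 203.0.113.5 port 51240 ssh2
Failed password for root from 203.0.113.5 port 51241 ssh2
Accepted publickey for alice from 192.0.2.10 port 40022 ssh2: ED25519 SHA256:constructed
Failed password for alice from 192.0.2.44 port 40100 ssh2
Failed password for alice from 192.0.2.44 port 40101 ssh2
Failed password for alice from 192.0.2.44 port 40102 ssh2
Failed password for invalid user git from 198.51.100.9 port 40300 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<result>Accepted|Failed) (?P<method>\S+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def parse(log_text):
    """Yield (result, method, user, ip) for each line that matches LINE_RE."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.group("result"), m.group("method"), m.group("user"), m.group("ip")

def review(log_text, allowed_users, allowed_nets, max_failures):
    """Return sets of source IPs, one per layer of the post's policy:
    unknown_user - attempts against users not in the whitelist;
    outside_nets - attempts from addresses outside the allowed networks;
    brute_force  - addresses reaching max_failures failed attempts (fail2ban's trigger).
    """
    nets = [ipaddress.ip_network(n) for n in allowed_nets]
    failures = Counter()
    findings = {"unknown_user": set(), "outside_nets": set()}
    for result, _method, user, ip in parse(log_text):
        if user not in allowed_users:
            findings["unknown_user"].add(ip)
        if not any(ipaddress.ip_address(ip) in net for net in nets):
            findings["outside_nets"].add(ip)
        if result == "Failed":
            failures[ip] += 1
    findings["brute_force"] = {ip for ip, n in failures.items() if n >= max_failures}
    return findings

if __name__ == "__main__":
    # 203.0.113.5 trips all three layers; 192.0.2.44 is a whitelisted user on an
    # allowed network and is caught only by the attempt threshold.
    print(review(SAMPLE_LOG, {"alice", "bob"}, ["192.0.2.0/24", "198.51.100.0/24"], 3))
```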