On Fri, 2017-12-22 at 13:32 +0100, Sebastian wrote:
> On 12/22/2017 01:02 PM, Alice Wonder wrote:
> > On 12/22/2017 03:57 AM, Torge Riedel wrote:
> > > Maybe there is one hint to offer in the guide: Change the port of sshd
> > > to somewhat else than 22. I observed massive reduction of sshd attacks
> > > on my servers after changing the port.
> > Indeed, that's fairly standard. Wasn't aware it wasn't in the guide.
> Because it's not cryptography.

I was also under the impression that these reserved ports were better protected by the OS, changing to a non-standard port could actually result in reducing security. A very quick Google seems to agree with what I remember, e.g. https://www.adayinthelifeof.nl/2012/03/12/why-putting-ssh-on-another-port-than-22-is-bad-idea/ Leaving it on the default port ensures the OS will be doing everything it can to protect it. Changing it might reduce the number of random brute force attempts (but these are not going to succeed if you've secured your system anyway), but might make your server more vulnerable to an actual targeted attack (which is significantly more likely to succeed).
_______________________________________________
Ach mailing list
[email protected]
https://lists.cert.at/cgi-bin/mailman/listinfo/ach
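
The trade-off discussed in this thread turns on whether sshd's port lies below 1024, the range that Linux by default lets only root (or a process holding CAP_NET_BIND_SERVICE) bind. As an added example that is not part of the original messages, the following auditor works out which ports a given sshd_config makes sshd listen on and labels each one; the function names and sample configs are constructed for illustration.

```python
import re

# Linux default: binding a port below 1024 needs root or CAP_NET_BIND_SERVICE
# (the boundary is the sysctl net.ipv4.ip_unprivileged_port_start).
PRIVILEGED_LIMIT = 1024
# ListenAddress forms that carry their own port: host:port, IPv4:port, [IPv6]:port
LISTEN_WITH_PORT = re.compile(r"^(?:\[[^\]]+\]|[^:\[\]]+):(\d+)$")

def sshd_ports(config_text):
    """Return the sorted list of ports sshd listens on for this sshd_config text."""
    port_opts, listen_ports = [], []
    saw_listen = listen_without_port = False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and argument are separated by whitespace or a single '='.
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) < 2 or not parts[1]:
            continue
        keyword, value = parts[0].lower(), parts[1].split()[0]
        if keyword == "port" and value.isdigit():
            port_opts.append(int(value))
        elif keyword == "listenaddress":
            saw_listen = True
            m = LISTEN_WITH_PORT.match(value)
            if m:
                listen_ports.append(int(m.group(1)))
            else:
                listen_without_port = True
    # A ListenAddress without a port falls back to the Port options (default 22).
    ports = set(listen_ports)
    if not saw_listen or listen_without_port:
        ports.update(port_opts or [22])
    return sorted(ports)

def audit(config_text):
    """Label each listening port by whether binding it requires privilege."""
    return {p: "privileged" if p < PRIVILEGED_LIMIT else "unprivileged"
            for p in sshd_ports(config_text)}

# Constructed sample configs, not taken from any real host.
SAMPLES = {
    "default": "#Port 22\nPermitRootLogin no\n",
    "moved": "Port 2222\nPasswordAuthentication no\n",
    "mixed": "Port 22\nListenAddress 0.0.0.0:2222\nListenAddress [::]:443\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, audit(text))
```

In the "mixed" sample every ListenAddress names its own port, so the `Port 22` line has no effect and sshd listens only on 443 and 2222.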
