I had heard that port scans were *very* fast to occur so it was with a LOT of
trepidation that I opened port 22, ssh, for use through my firewall to my home
server.
Didn't take long for probes:
sshd[6148]: Did not receive identification string from 60.50.201.183
sshd[6464]: Did not receive identification string from 109.165.56.95
.. one from Kuala Lumpur, the other from Russia as well as I can tell.
I disabled ssh password authentication, using public/private keys only. This
seems safe, but who knows .. the config file is a bit hard to understand, I
used:
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no
Security experts: is it reasonably safe to open the firewall port 22 if only
key access is allowed? Does the config above do the trick?
I know some folks move the port to 24 or some other to obscure the port usage,
but I didn't see that as important .. but am I wrong, and it *is* a good idea
to move the ssh port? I believe the 'bots are pretty agile.
My ip is 65.19.28.73 (or backspaces.dyndns.org) if you'd like to try it.
-- Owen
============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
lectures, archives, unsubscribe, maps at http://www.friam.org
