On 2008-02-03, Dan Farrell <[EMAIL PROTECTED]> wrote:
>> So you're saying ssh running on an unusual port is good
>> enough?
For some value of "good enough", yes.
> I'm no expert, but from my logs: SSH attempts (from bots in
> Shanghai and the like) on port 22 number in the thousands,
> unexpected SSH attempts on the nonstandard ports I run SSH on
> (actually it's firewall-level port forwarding) have not yet
> been logged.
I usually run ssh on non-standard ports. It does cut down a
lot on breaking attempts. It's still an open port, and you
still need to make sure ssh/openssl is kept updated.
Blacklisting a source IP after multiple failed attempts within
a time period is probably a good idea regardless.
--
Grant Edwards grante Yow! Yow! I just went
at below the poverty line!
visi.com
--
[email protected] mailing list
