On 2008-02-03, Dan Farrell <[EMAIL PROTECTED]> wrote:

>> So you're saying ssh running on an unusual port is good
>> enough?

For some value of "good enough", yes.

> I'm no expert, but from my logs: SSH attempts (from bots in
> Shanghai and the like) on port 22 number in the thousands,
> unexpected SSH attempts on the nonstandard ports I run SSH on
> (actually it's firewall-level port forwarding) have not yet
> been logged.

I usually run ssh on non-standard ports. It does cut down a lot
on breaking attempts. It's still an open port, and you still
need to make sure ssh/openssl is kept updated. Blacklisting a
source IP after multiple failed attempts within a time period
is probably a good idea regardless.

-- 
Grant Edwards (grante at visi.com)
Yow! Yow! I just went below the poverty line!

-- 
gentoo-user@lists.gentoo.org mailing list