I ended up with the following config... Bind ssh to two ports: 22 and a non-standard port.

In my firewall rules I specifically allow certain IPs to connect to port 22. These include my internal network (192.168) and a handful of IPs from other hosts that I interact with on a regular basis. Anyone can ssh to the non-standard port, but from what I've seen the attempts are few and far far between since most people aren't looking for it. I used to get a handful or a few hundred handfuls of ssh login failures when I was on just 22, now I get pretty much none.

-Kenta

On 5/15/08, Bob King <[EMAIL PROTECTED]> wrote:
>
> According to the Information Week article:
>
> http://www.informationweek.com/news/security/attacks/showArticle.jhtml?articleID=207603339
>
> One of the more interesting bits was that the attacks are shifting to a
> more distributed model to avoid detection by IDS/IPS systems, using botnets.
>
> Many distros come with ssh installed by default, and often with root access
> allowed by default. I always thought that disabling root access via ssh is a
> good idea, but reading this I would assume it would be a good idea to just
> deactivate password access via ssh altogether and limit access to systems
> with keys known to the host. Moving the sshd to a non-standard port would be
> another move, but would that stop more than the most basic tools?
>
> I would be interested in hearing recommendations from other folks on the
> list.
>
> _______________________________________________
> gnhlug-discuss mailing list
> gnhlug-discuss@mail.gnhlug.org
> http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
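An added example, not part of the thread or any poster's own configuration: a small Python check of an sshd_config for the three settings discussed above (root login, password authentication, a second listening port). The two sample configs and port 2222 are constructed assumptions, and the check covers only the global section of the file.

```python
# Added example; sample configs and port 2222 are constructed assumptions.
WEAK = """\
# distro-style default (constructed sample)
Port 22
PermitRootLogin yes
#PasswordAuthentication yes
"""
HARDENED = """\
# two listeners; the firewall, not sshd, limits port 22 by source IP
Port 22
Port 2222
PermitRootLogin no
PasswordAuthentication no
"""
# Fallbacks when a keyword is absent. PermitRootLogin defaulted to "yes" in
# 2008-era OpenSSH; newer releases default to prohibit-password.
DEFAULTS = {"permitrootlogin": "yes", "passwordauthentication": "yes"}

def parse(text):
    """Return (ports, settings) for the global section of an sshd_config."""
    ports, settings = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()
        if len(parts) < 2:      # keyword without a value: nothing to record
            continue
        key, args = parts[0].lower(), parts[1:]
        if key == "match":      # conditional blocks are out of scope here
            break
        if key == "port":       # Port may appear several times
            ports.append(int(args[0]))
        else:                   # other keywords: the first value wins
            settings.setdefault(key, args[0].lower())
    return ports or [22], settings

def audit(text):
    """List findings for root login, password auth and port choice."""
    ports, settings = parse(text)
    eff = {**DEFAULTS, **settings}
    findings = []
    if eff["permitrootlogin"] == "yes":
        findings.append("root login over ssh is permitted")
    if eff["passwordauthentication"] == "yes":
        findings.append("password authentication is enabled")
    if ports == [22]:
        findings.append("sshd listens only on the default port")
    return findings
```

Calling `audit(open("/etc/ssh/sshd_config").read())` on a host returns the list of findings; an empty list means all three settings match the hardened sample.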