On Fri, 2008-03-28 at 21:12 -0600, Dave Smith wrote:
> In the past, I have used /etc/hosts.[deny|allow] to secure my SSH server
> by restricting access to a limited number of IP addresses. This has
> worked very well for me over the past 3 or 4 years, but now I need to
> allow access to a non-enumerable set of client IP addresses, so I am
> considering alternate methods. The first method on my list is to require
> key-based authentication (no passwords). Secondly, I'm thinking about
> using an alternate port (i.e., 2222 instead of 22) simply to ward off
> automated botnet logins.
>
> Does anyone see a problem with this? Any other ideas?
I second everything everyone else said. However, I want to present one argument for changing the port. There are plenty of bots out there that are scanning IPs one by one and looking for SSH servers. They are scanning port 22 only. I know this because I fell to this attack once. I saw the program and found out exactly what it was doing. It was scanning IPs one at a time and trying to connect to port 22 over SSH. Then, if it found SSH open, it would try a dictionary attack.

Now, that being said, if someone is trying to attack your box, they will find the SSH port even if it is not on the default port. But if it is some script kiddie, their bots will pass you by.

Now, is this security? No, it is not. I am aware of that. It is the same as hiding money under the mattress or putting a safe behind a picture. It is not any more secure, but it prevents some attacks.

Nathan
/* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
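The thread proposes two sshd changes (key-only authentication, a non-default port) and notes the bots that scan port 22 and run dictionary attacks. The following is an added example, not code from either poster: a small audit of an sshd_config text for exactly those settings. Both config samples are constructed for illustration, the "weak" one looking like a stock 2008-era file; the directive defaults in DEFAULTS are assumptions for that era (newer OpenSSH defaults PermitRootLogin to prohibit-password), and the audit ignores Match blocks, whose directives are conditional.

```python
"""Audit an sshd_config for the hardening discussed on the list:
key-only logins on a non-default port. Added example; the two config
texts below are constructed, not taken from the thread."""


# Constructed sample: still listens on 22 and accepts passwords.
WEAK_CONFIG = """\
# /etc/ssh/sshd_config (constructed example)
Port 22
PermitRootLogin yes
#PasswordAuthentication yes
ChallengeResponseAuthentication yes
UsePAM yes
"""

# Constructed sample: the same file after the changes Dave proposes.
HARDENED_CONFIG = """\
Port 2222
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM yes
"""

# Assumed defaults for an unset directive (2008-era OpenSSH values).
DEFAULTS = {
    "port": "22",
    "passwordauthentication": "yes",
    "challengeresponseauthentication": "yes",
    "pubkeyauthentication": "yes",
    "permitrootlogin": "yes",
}


def parse_sshd_config(text):
    """Return {keyword_lowercase: value} using sshd's first-match-wins rule.

    Lines starting with '#' are comments. Parsing stops at the first
    Match block because everything after it is conditional. Port may be
    given more than once (sshd listens on all of them); only the first
    occurrence is recorded here.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # sshd accepts "Keyword value" and "Keyword=value"; keywords are case-insensitive.
        parts = line.replace("=", " ", 1).split(None, 1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            break
        settings.setdefault(key, value)
    return settings


def audit(text):
    """Return a list of findings; an empty list means the config matches the
    thread's recommendation (key-only logins, non-default port)."""
    cfg = parse_sshd_config(text)

    def get(key):
        return cfg.get(key, DEFAULTS[key]).lower()

    findings = []
    if get("port") == "22":
        findings.append("Port 22: still on the port the port-22-only scanners probe")
    if get("passwordauthentication") != "no":
        findings.append("PasswordAuthentication is not 'no': dictionary attacks can still succeed")
    if get("challengeresponseauthentication") != "no":
        findings.append("ChallengeResponseAuthentication is not 'no': keyboard-interactive "
                        "via PAM still accepts passwords")
    if get("pubkeyauthentication") != "yes":
        findings.append("PubkeyAuthentication is disabled: key-based logins would not work")
    if get("permitrootlogin") == "yes":
        findings.append("PermitRootLogin yes: root is a username every dictionary attack tries")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{name}: {len(audit(cfg))} finding(s)")
        for f in audit(cfg):
            print("  -", f)
```

Note that the commented-out `#PasswordAuthentication yes` line in the weak sample is not a setting at all; the audit falls back to the default, which is the same thing sshd does. Changing the port only silences the port-22-only scanners Nathan describes; the `PasswordAuthentication no` line is what actually defeats the dictionary attack once a scanner does find the port.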
