On 05/06/07, Phil Scarratt <[EMAIL PROTECTED]> wrote:
Voytek Eymont wrote: > my logs are littered with the usual failed login crap; > > is moving ssh to a different port 'good idea' ? > preferabley some port that will still allow me access from various places. > what port ? port range ? > yes, if only to save the crap in the logs. Any port above say 40000
I use non-standard ports under 1024 for both my ssh and apache service just for that reason - haven't seen evidence of a single port scan on their logs since I changed the ports few years ago, and I managed to connect to the non-standard ports from anywere I tried. Another option that you might want to consider to keep your mind at rest is to forbid password-enabled log ins - instead you can force private/public key for authentication. (The web site isn't published anywere on the public internet, only via private e-mails to people I more-or-less trust, otherwise it would make less sense to move it). --Amos -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
