> Using an obscure port only prevents attempts being logged, nothing else. And if you’re going to use an alternate port, pick one under 1024. Make it so an attacker needs to be root before they replace your sshd process. If you take that approach, make sure you are using a hardware firewall blocking inbound connections to ports above 1024.
Also SSH Keys, password auth disabled is enough - you don't even need to change your SSH port :D On Tue, Sep 4, 2018 at 8:44 AM Sean Brown <[email protected]> wrote: > On Sep 4, 2018, at 8:40 AM, Natus <[email protected]> wrote: > > > >> Use some tool like fail2ban and/or ssh key authentication. > > > > Also change the default port of your ssh endpoint (eg: 2222) > > > > > > > Using an obscure port only prevents attempts being logged, nothing else. > And if you’re going to use an alternate port, pick one under 1024. Make it > so an attacker needs to be root before they replace your sshd process. > _______________________________________________ > tor-relays mailing list > [email protected] > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >
_______________________________________________ tor-relays mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
