Re: On defense of the sshd crackers

To: debian-user@lists.debian.org
Subject: Re: On defense of the sshd crackers
From: Joe <joe@jretrading.com>
Date: Tue, 09 Oct 2007 19:38:09 +0100
Message-id: <[🔎] feghql$5r5$1$8302bc10@news.demon.co.uk>
In-reply-to: <9cpOT-9O-13@gated-at.bofh.it>
References: <[🔎] feg2jk$kv3$1@sea.gmane.org> <[🔎] 20071009143238.GC444@khazad-dum.debian.net> <[🔎] 20071009145651.GA6952@titan.hooton>

Douglas A. Tutty wrote:


I don't figure that there's anything to keep the barbarians from
pounding at the gate.  Given that they use port scanners to check for
open ports, changing the default port propably won't help.  Set up sshd
for the most restrictive policy that will allow you to do what you need.

It's all automated, and nobody yet is willing to throw a portscanningbot at 65000 ports at a time, so putting ssh on a high port will keepyour logs clean. I look after three net-facing ssh installations, andnone has seen a single attempt since moving them up high. I've onlyactually changed the port on one, the others have the router set toforward down to 22.

But yes, forget the password thing, use keys, and you won't care howmany guesses they make.

Reply to:

References:
- On defense of the sshd crackers
  - From: T o n g <mlist4suntong@yahoo.com>
- Re: On defense of the sshd crackers
  - From: Henrique de Moraes Holschuh <hmh@debian.org>
- Re: On defense of the sshd crackers
  - From: "Douglas A. Tutty" <dtutty@porchlight.ca>

Prev by Date: Re: gnome alarm clock / egg timer?
Next by Date: Re: Cannot apt-get update
Previous by thread: Re: On defense of the sshd crackers
Next by thread: Re: On defense of the sshd crackers
Index(es):
- Date
- Thread