Re: How can I secure a Debian installation?
On Tue, 28 Jan 2014 11:58:22 +0000
Brian <ad44@cityscape.co.uk> wrote:
> On Tue 28 Jan 2014 at 09:46:43 +0000, Joe wrote:
>
> > My recommendation would be to run sshd on a high port number.
> > Before the usual chorus jumps in, I know *that* *does* *not*
> > *improve* *security*,
>
> Fine; we are in agreement.
>
> > but it certainly gives you cleaner log files. Though over a number
> > of
>
> Searching /var/log/auth* for "Failed password for" gives me
>
> 5846
> 16247
> 17517
> 7889
> 7477
>
> so we can agree there too.
>
> > years, I've had vastly more attempts to connect to port 22 than
> > full-spectrum port scans (in fact I've never had one of the latter)
> > and I am forced to conclude than in my personal case, it *does*
> > improve security. But put your trust in good keys, the bots are all
> > looking to
>
> The conclusion appears to contradict the first statement.
While a complete portscan will reveal an ssh server running on a
non-standard port, this doesn't seem to happen often. It seems to me
that the fewer attacks which are made, the less likely it is that one
will succeed. We know that even digital keys are not necessarily secure:
anyone can make mistakes, even people who patch Debian's OpenSSH
suite.
>
> > do password attacks.
>
> Putting your trust in good passwords is not misplaced.
>
>
Good passwords, no. But most of the posts I've seen about hacked Linux
installations where the point of entry was known seem to blame ssh,
possibly because most private installations don't have any other
internet-facing services. Somebody must be doing something wrong.
--
Joe
Reply to: