Re: Undesired ssh login attempts
Roberto C Sánchez wrote:
> On Sun, Jun 10, 2018 at 11:09:49AM -0000, Dan Purgert wrote:
>> deloptes wrote:
>> > Hi,
>> > I recently get many of those, which means someone found out that ssh
>> > external is on port 22222 and is trying to do some evil work there.
>> > Should I worry or do something?
>>
>> Use key-based auth only
>> Ensure root ssh login is not allowed
>> Perhaps fail2ban (or equivalent)
>> Perhaps forget about funny ports (as they're "security by obscurity" at
>> best).
>>
> In the past I was of a similar opinion regarding the use of a
> non-standard port for SSH. However, some of clients do this and the
> main observed benefit is less noise in the logs. As long as the
> administrator understands that it does not improve security, and is
> willing to deal with the occasional inconvenience of an alternate port,
> there is nothing really wrong with it.
Which is why I prefaced that option with "perhaps". Not that I've
*never* used non-standard ports for services, but it's always with a
reason (e.g. secondary service, less log noise, don't want the program
to require root permissions, etc.)
--
|_|O|_| Registered Linux user #585947
|_|_|O| Github: https://github.com/dpurgert
|O|O|O| PGP: 05CA 9A50 3F2E 1335 4DC5 4AEE 8E11 DDF3 1279 A281
Reply to: