[CentOS] One approach to dealing with SSH brute force attacks.

Wed Jan 30 20:15:42 UTC 2008
Milton Calnek <milton at calnek.com>

Good security is like an onion.  The users think it smells...
No, it's layered.

Changing the sshd port from the default does add a layer, a thin 
layer, but a layer all the same.

The rate limiting is a somewhat thicker layer.

I personally prefer to block all ssh traffic from the internet and have 
my customers vpn to my server which lets me ssh over the vpn to their 
machines. If they happen to have dynamic addresses, it doesn't matter to me.

Patrick wrote:
> Brian Mathis wrote:
> 
>> @James:
>> As for the "security through obscurity" post, you are missing the
>> point.  Changing the port number that SSH runs on is not "security
>> through obscurity".  Moving an already highly secure service to a
>> different port so scanners don't hit it automatically is a different
>> thing.  This type of move is purely to reduce the amount of garbage in
>> one's log file due to automated scans.  However, I do agree that there
>> are probably better ways to handle the situation, such as using rate
>> limiting.
> 
> Not to mention that if there is a lot less "garbage", it is much easier 
> to catch something trying to sneak in. So it does have an element of 
> security to it.
> 
> Patrick
> 
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
> 

-- 
Milton Calnek BSc, A/Slt(Ret.)
milton at calnek.com
306-717-8737
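A log-side counterpart to the rate-limiting and "easier to catch something" points in the thread above: an added example, not code from the original post, that tallies failed-password lines per source address from CentOS-style /var/log/secure output inside a sliding time window and reports the sources that cross a threshold. The sample log lines, addresses, threshold and window are constructed, and the year is assumed because syslog timestamps omit it.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample lines in the /var/log/secure format written by sshd on
# CentOS; these are not taken from the mailing-list thread.
SAMPLE_LOG = """\
Jan 30 20:10:01 host sshd[2211]: Failed password for invalid user admin from 203.0.113.5 port 4433 ssh2
Jan 30 20:10:02 host sshd[2213]: Failed password for invalid user oracle from 203.0.113.5 port 4434 ssh2
Jan 30 20:10:03 host sshd[2215]: Failed password for root from 203.0.113.5 port 4435 ssh2
Jan 30 20:10:04 host sshd[2217]: Failed password for invalid user test from 203.0.113.5 port 4436 ssh2
Jan 30 20:10:20 host sshd[2219]: Failed password for milton from 198.51.100.7 port 51022 ssh2
Jan 30 20:10:31 host sshd[2219]: Accepted publickey for milton from 198.51.100.7 port 51022 ssh2
Jan 30 20:15:05 host sshd[2301]: Failed password for invalid user guest from 203.0.113.5 port 4500 ssh2
"""

# Matches the syslog timestamp, the source address and the attempted user name
# of a failed password attempt (the "invalid user" prefix is optional).
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_failures(log_text, year=2008):
    """Yield (timestamp, ip, user) for every failed-password line.

    Syslog lines carry no year, so one is assumed (the thread is from 2008).
    """
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        yield ts, m["ip"], m["user"]


def brute_force_sources(log_text, threshold=4, window_seconds=60):
    """Return {ip: peak failures} for sources with >= threshold failures in any window."""
    recent = defaultdict(deque)  # per-source timestamps still inside the window
    flagged = {}
    for ts, ip, _user in parse_failures(log_text):
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()  # drop attempts older than the window
        if len(q) >= threshold:
            flagged[ip] = max(flagged.get(ip, 0), len(q))
    return flagged


if __name__ == "__main__":
    for ip, count in brute_force_sources(SAMPLE_LOG).items():
        print(f"{ip}: {count} failures within 60s")
```

With a default-port sshd the real file is dominated by scanner noise, which is why the "less garbage" argument above matters for a check like this; the single failure from 198.51.100.7 stays below the threshold and is not reported.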
