[CentOS] Securing SSH
Kai Schaetzl
maillists at conactive.com
Wed Mar 26 11:31:16 UTC 2008
Robert Spangler wrote on Tue, 25 Mar 2008 20:33:02 -0400:
> Is an option but a waste of time as a scanner will find the port it was moved
> to.
It's not a waste. Port scanning takes time, so, in general, those brute-force
bots just try port 22. Only if someone really wants to hack you, and especially
you, will they go any further.
I changed the port on one of my machines because I had to provide SSH access
from other nets as well. I have to admit I also reduced accessibility to a few
hundred thousand IP numbers from two big providers. Since then (years ago) I
haven't seen any brute-force attacks.
> The idea of only allowing for strict ip address is good but what if you are on
> the move?
If you have a static IP address, this is not a problem. You VPN into your home
LAN and from there to the restricted machine.
Kai
--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com