[CentOS] SSH attacks from china
Ralph Angenendt
ra+centos at br-online.de
Fri Jul 24 10:05:19 UTC 2009
Andreas Rogge wrote:
> Am Donnerstag, den 23.07.2009, 19:45 +0100 schrieb Miguel Medalha:
> > I moved the ssh port from the standard 22 to a high port. The attempts
> > to break into my servers disappeared. The logs are clean now. I would
> > advise you to do the same. Choose a high (> 1024) unused port and
> > configure the clients accordingly.
> >
> *cough*
> A port > 1024 for SSH? Actually that means that if your sshd dies every
> normal user can start to listen on that port with watever they want.
> Of course, there is still the host key. However, AFAICT most normal
> users just ignore host key changes...
I just do a portforward on the firewall to achieve that -> port 12345 on
the fw goes to 22 on the host :)
Cheers,
Ralph
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.centos.org/pipermail/centos/attachments/20090724/d36ee6db/attachment.sig>
More information about the CentOS
mailing list