[CentOS] SSH attacks from china
Ralph Angenendt
ra+centos at br-online.de
Fri Jul 24 12:00:25 UTC 2009
John wrote:
> Using a non default port is not the solution, because history has learned
> that security by obscurity never worked.....

It's not "security by obscurity", moving the default port is just to not
see all that garbage in the log files - as the automated scripts don't
check for ssh on different ports than 22.

And save CPU cycles by not having to answer to those requests.

> 1: Use Iptables or other firewall in front of server, to only allow a
> selected group of "trusted" IPs to access the server through SSH.

Well, that is not always possible or wanted.

> 2: Enforce Public / Private key Authentication, so that only the users with
> a valid key can access the server.

And yes, you shouldn't be using ssh with password authentication, true.

Ralph
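
Added example, not part of the message above or of the original thread: a small audit of sshd_config text for the settings the thread discusses (listening port, password authentication, public key authentication). It assumes the stock OpenSSH defaults and the sshd_config rule that the first value obtained for a keyword is the one used; the function names and the sample config are constructed for illustration.

```python
# Added example: audit sshd_config text for the settings discussed in the thread.
# Assumed OpenSSH defaults when a keyword is absent from the file.
DEFAULTS = {"port": ["22"],
            "passwordauthentication": ["yes"],
            "pubkeyauthentication": ["yes"]}

def effective_settings(config_text):
    """Return the global (pre-Match) effective values of the audited keywords."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and argument are separated by whitespace or a single '='.
        parts = line.replace("=", " ", 1).split()
        if len(parts) < 2:
            continue
        key, value = parts[0].lower(), parts[1]   # keywords are case-insensitive
        if key == "match":
            break            # Match blocks are conditional; audit globals only
        if key not in DEFAULTS:
            continue
        if key == "port":
            seen.setdefault(key, []).append(value)   # Port may be repeated
        elif key not in seen:
            seen[key] = [value]                      # first value wins
    return {k: seen.get(k, d) for k, d in DEFAULTS.items()}

def audit(config_text):
    """Return findings; Include files and keyboard-interactive are not checked."""
    eff = effective_settings(config_text)
    findings = []
    if eff["passwordauthentication"][0].lower() != "no":
        findings.append("password authentication enabled: guessing is possible")
    if eff["pubkeyauthentication"][0].lower() != "yes":
        findings.append("public key authentication disabled")
    if "22" in eff["port"]:
        findings.append("listening on port 22: expect automated-scan log noise")
    return findings

# Constructed sample: the later 'no' is ignored because the first value wins.
SAMPLE = """\
Port 2222
PubkeyAuthentication yes
PasswordAuthentication yes
PasswordAuthentication no
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```

On a live host, `sshd -T` prints the configuration the daemon actually resolves, including Match and Include handling that this sketch skips.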