[CentOS] SSH attacks from China

Fri Jul 24 10:05:19 UTC 2009
Ralph Angenendt <ra+centos at br-online.de>

Andreas Rogge wrote:
> On Thursday, 23.07.2009, at 19:45 +0100, Miguel Medalha wrote:
> > I moved the ssh port from the standard 22 to a high port. The attempts 
> > to break into my servers disappeared. The logs are clean now. I would 
> > advise you to do the same. Choose a high (> 1024) unused port and 
> > configure the clients accordingly.
> > 
> *cough*
> A port > 1024 for SSH? Actually that means that if your sshd dies every
> normal user can start to listen on that port with whatever they want.
> Of course, there is still the host key. However, AFAICT most normal
> users just ignore host key changes...

I just do a port forward on the firewall to achieve that -> port 12345 on
the fw goes to 22 on the host :)

Cheers,

Ralph
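
As an added example (not part of the original message): a small Python check for the concern raised in this thread, that an sshd moved to a port of 1024 or above listens where any local user could bind if sshd dies. It parses sshd_config text and reports such ports; the function names and both sample configs are constructed for illustration, and the 1024 boundary assumes the Linux default.

```python
# Added example, not from the original thread. Sample configs are constructed.
PRIVILEGED_LIMIT = 1024  # Linux default: only root may bind ports below this

def _addr_port(value):
    """Return the port in a ListenAddress value, or None if it has none."""
    if value.startswith("["):                 # [host]:port or [host]
        rest = value.partition("]")[2]
        return int(rest[1:]) if rest.startswith(":") else None
    if value.count(":") == 1:                 # host:port or IPv4:port
        return int(value.split(":")[1])
    return None                               # bare hostname, IPv4 or IPv6

def listen_ports(config_text):
    """Ports sshd would listen on for this sshd_config text (global section)."""
    ports, explicit = [], []
    seen_listen = inherits = False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()
        key = parts[0].lower()                # keywords are case-insensitive
        if key == "match":                    # Port is not valid inside Match
            break
        if len(parts) < 2:
            continue
        if key == "port":
            ports.append(int(parts[1]))
        elif key == "listenaddress":
            seen_listen = True
            port = _addr_port(parts[1])
            if port is None:
                inherits = True               # falls back to the Port options
            else:
                explicit.append(port)
    if inherits or not seen_listen:
        explicit += ports or [22]             # sshd defaults to port 22
    return sorted(set(explicit))

def unprivileged_ports(config_text):
    """Listen ports that any local user could bind if sshd were not running."""
    return [p for p in listen_ports(config_text) if p >= PRIVILEGED_LIMIT]

MOVED = "# constructed sample\nPort 12345\nPermitRootLogin no\n"
FORWARDED = "# constructed sample: firewall maps 12345 -> 22\nPort 22\n"

if __name__ == "__main__":
    for name, cfg in (("moved", MOVED), ("forwarded", FORWARDED)):
        print(name, unprivileged_ports(cfg) or "ok: privileged ports only")
```

With the firewall port forward described above, sshd itself stays on 22, so the check reports nothing for that host.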