[CentOS] Iptables questions
Timo Schoeler
timo.schoeler at riscworks.net
Wed Aug 11 09:47:59 UTC 2010
thus Eero Volotinen spake:
>>>> I have a server sitting right on the net and the constant barrage of 100s of
>>>> IPs trying thousands of times at port 22 is insane.
>>> You're quite sane. Anyone likely to hit your ssh at its new port is likely
>>> to try port 22 first. So if they show up there first, blocking them is good
>>> - unless you have legitimate users who may forget to go to your special port
>>> and so get locked out after trying the default port first.
>> There's also port knocking...
>
> How about enabling ssh login only with public keys?
What about using a different port, if narrowing down the networks/hosts
*allowed* to connect to the machine is not an option, as it seems?
Timo
> --
> Eero,
> RHCE