[CentOS] Iptables questions

Timo Schoeler timo.schoeler at riscworks.net
Wed Aug 11 09:47:59 UTC 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

thus Eero Volotinen spake:
>>>> I have  a server sitting right on the net and the constant barrage of 100s
>> of
>>>>  Ips trying thousands of times at port 22 is insane.
>>> You're quite sane.  Anyone likely to hit your ssh at its new port is likely
>>> to try port 22 first.  So if they show up there first, blocking them is good
>>> - unless you have  legitimate users who may forget to go to your special port
>>> and so get locked  out after trying the default port first.
>> There's also port knocking...
> 
> how about enabling ssh login only with public keys ?

What about using a different port, if narrowing down the networks/hosts
*allowed* to connect to the machine is not an option, as it seems?

Timo

> --
> Eero,
> RHCE
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFMYnHPfg746kcGBOwRAhi+AKCZ9xxjfy7W53HzIYaIB7pKI0eUOQCfcHy2
/iNpi+xZK9vMf9r8c1gTkbo=
=xV/P
-----END PGP SIGNATURE-----



More information about the CentOS mailing list