[CentOS] Securing SSH wiki article outdated
Lamar Owen
lowen at pari.edu
Fri Feb 13 14:46:25 UTC 2015
On 02/13/2015 09:15 AM, Chris Adams wrote:
> Yeah, the old "move stuff to alternate ports" thing is largely a waste
> of time and just makes it more difficult for legitimate use. With
> large bot networks and tools like zmap, finding services on alternate
> ports is not that hard for the "bad guys".
Having SSH on 22 is lower-hanging fruit than having SSH on a different
port. Sure, an NBA all-star will be able to reach the apples at the top
of the tree easily, but most people are not NBA all-stars. Most
port-scanners do not scan all possible ports.
And I am fully aware that people in the 'it's a waste of time' camp are
unmoved by that. It's not worth arguing about; those who move to
non-standard ports are going to want to do it anyway.
More information about the CentOS
mailing list