On Wed, September 23, 2015 00:11, Always Learning wrote:
> That is great. When I started on Linux that was one of the very first things I did. Every machine, including servers, has port 22 replaced by a unique alternative port. Port 22 is also blocked in iptables.
> There is an army of dangerous nutters attempting to break into everything. They often mask their attacks using compromised Windoze computers all around the world.
Changing the port that sshd listens on solves nothing from a security perspective. The only people that this action deflects are the script-kiddies, who are admittedly numerous and can be dangerous but usually are just low-talent opportunists.
Moving the port by itself still opens a functioning connection to the internet on a service that is inherently susceptible to brute force and rainbow attacks. The 'dangerous' people on the Internet will find this port in a heartbeat, and they are far more worrisome than the script-kiddies. Since you absolutely must build a defence against these opponents anyway, you might as well leave the service on the default port to avoid screwing up legitimate users' expectations.
I grant that dealing with an excessive logfile volume can be a consideration. However, this issue is often best dealt with through scripting your own analysis and reporting programs or employing someone else's. It is also often solved with an aggressive set of firewall rules. In fact, the volume of entries should be a good indication of how well your defence is serving you. As you tighten the access rules and dynamically block persistent abusers, the volumes should drop and stay fairly low.
Moving the port by itself is like rearranging the deck chairs on a sinking ship. It does not address the fundamental issue. Plus assignment to a non-standard port adds to maintenance and support load since it must be separately accounted for each time it is referenced.
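The kind of log-analysis script the reply above recommends for spotting persistent abusers, as an added example that is not part of the thread: it parses OpenSSH "Failed password" lines from a constructed auth-log excerpt (the hostname, PIDs and addresses are made up) and flags any source with at least a threshold of failures inside a sliding time window, which is the list a dynamic firewall block would be fed from.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches sshd failed-password lines in traditional syslog format.
# Syslog timestamps omit the year, so the caller supplies one (assumption).
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\da-fA-F.:]+) port \d+"
)

def parse_failures(lines, year=2015):
    """Yield (timestamp, source_ip, username) for each failed-password line."""
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue  # accepted logins, disconnects, etc. are not failures
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        yield ts, m["ip"], m["user"]

def persistent_abusers(lines, threshold=5, window=timedelta(minutes=10)):
    """Return {ip: total_failures} for every source that produced at least
    `threshold` failures within any `window`-long span (sliding window)."""
    by_ip = defaultdict(list)
    for ts, ip, _user in parse_failures(lines):
        by_ip[ip].append(ts)
    flagged = {}
    for ip, stamps in by_ip.items():
        stamps.sort()
        start = 0
        for end in range(len(stamps)):
            while stamps[end] - stamps[start] > window:
                start += 1  # slide the window forward past old entries
            if end - start + 1 >= threshold:
                flagged[ip] = len(stamps)
                break
    return flagged

# Constructed sample excerpt (not real traffic): one source hammering sshd,
# one legitimate user who mistyped a password once, one successful login.
SAMPLE_LOG = """\
Sep 23 00:11:02 host sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2
Sep 23 00:11:05 host sshd[1203]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Sep 23 00:11:09 host sshd[1205]: Failed password for root from 203.0.113.7 port 40141 ssh2
Sep 23 00:12:30 host sshd[1210]: Failed password for root from 203.0.113.7 port 40188 ssh2
Sep 23 00:13:01 host sshd[1214]: Failed password for invalid user oracle from 203.0.113.7 port 40201 ssh2
Sep 23 00:14:44 host sshd[1219]: Failed password for invalid user test from 203.0.113.7 port 40233 ssh2
Sep 23 00:15:10 host sshd[1222]: Failed password for alice from 198.51.100.4 port 51000 ssh2
Sep 23 00:16:00 host sshd[1225]: Accepted publickey for alice from 198.51.100.4 port 51004 ssh2
"""

if __name__ == "__main__":
    print(persistent_abusers(SAMPLE_LOG.splitlines()))  # {'203.0.113.7': 6}
```

The single mistake from 198.51.100.4 never reaches the threshold, so a block rule driven by this output would not lock out the legitimate user.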