On Monday 06 February 2006 17:46, James Gagnon wrote:
Thanks Will. One thing I have always done with SSH is run it on a non-default port. It's funny, I left it on 22 once and watched the log reports every morning in my email for a few days and the amount of people trying to log in as the root user was amazing... the report was 40-50 lines longer than normal just from all the attempts... I then chose a port over 10000 as they say most port scanners usually scan ports 1-10000. Once I did that I have not seen one attempt to try and access root through SSH or any user for that matter. Good tip though... =)
Not only do I use a *high* port, but I also restrict acceptable connections to just a few IP addresses, with one machine having *ONLY* an ssh port globally open, accepting only keys, no passwords, on a high port as a "gateway" for when I need to get in from someplace other than the small list of approved addresses.
I've had ZERO problems with this. But, when SSH was on 22, and open to the world, I saw something like 30,000 attempts on the root account in a single 24-hour period. Holy fscking sh--! (Not that it did any good, you couldn't log in as root without an RSA key.)
-Ben
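
An added example, not part of the original thread: a Python script that counts failed root password attempts per day and per source from sshd log lines, and lists sources outside an approved address list, which are the two things the posters describe watching and restricting. The log lines, addresses and function names are constructed for illustration, and the line format assumed is the usual OpenSSH syslog one.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in the usual OpenSSH syslog format (not from the thread).
SAMPLE_LOG = """\
Feb  6 03:12:01 host sshd[4101]: Failed password for root from 203.0.113.5 port 40112 ssh2
Feb  6 03:12:03 host sshd[4103]: Failed password for root from 203.0.113.5 port 40120 ssh2
Feb  6 03:12:05 host sshd[4105]: Failed password for invalid user admin from 203.0.113.5 port 40131 ssh2
Feb  6 04:40:17 host sshd[4220]: Failed password for root from 198.51.100.23 port 51515 ssh2
Feb  6 08:02:44 host sshd[4390]: Accepted publickey for ben from 192.0.2.10 port 50222 ssh2
Feb  7 01:15:09 host sshd[5002]: Failed password for root from 203.0.113.5 port 41200 ssh2
"""

# Failed password lines; unknown accounts are logged as "invalid user" (older builds: "illegal user").
FAILED = re.compile(
    r"^(?P<day>\w{3}\s+\d+) \S+ \S+ sshd\[\d+\]: Failed password for "
    r"(?:(?:invalid|illegal) user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)
# Any authentication result, failed or accepted, with its source address.
ANY_AUTH = re.compile(r"sshd\[\d+\]: (?:Failed|Accepted) \S+ for .* from (?P<ip>\S+) port \d+")

def summarize(log_text, user="root"):
    """Count failed password attempts for `user`, per day and per source address."""
    per_day, per_source = Counter(), Counter()
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m and m.group("user") == user:
            per_day[" ".join(m.group("day").split())] += 1  # "Feb  6" -> "Feb 6"
            per_source[m.group("ip")] += 1
    return per_day, per_source

def outside_allowlist(log_text, allowed_nets):
    """Sources that reached sshd but are not on the approved list (assumes numeric addresses in the log)."""
    nets = [ipaddress.ip_network(n) for n in allowed_nets]
    seen = set()
    for line in log_text.splitlines():
        m = ANY_AUTH.search(line)
        if m and not any(ipaddress.ip_address(m.group("ip")) in n for n in nets):
            seen.add(m.group("ip"))
    return sorted(seen)

if __name__ == "__main__":
    days, sources = summarize(SAMPLE_LOG)
    print("failed root attempts per day:", dict(days))
    print("top sources:", sources.most_common(3))
    print("outside approved list:", outside_allowlist(SAMPLE_LOG, ["192.0.2.0/24"]))
```
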