--On Saturday, July 21, 2007 9:22 AM +0200 "M. Fioretti" mfioretti@mclink.it wrote:
- set up only ssh2 on a non-standard port
Depending on the environment, I have found that this is not a useful tool. The problem I have encountered is that it just turns off some of the attacks.
I agree, but I have noticed in the past, and read in several places, that it's not security through obscurity: its main usefulness would be not so much extra security as saving a bit of bandwidth and server load from automated attacks with off-the-shelf scripts.
There's some automated attack that fills one's logs with noise, and it's useful to move ssh to a non-standard port simply to quiet the logs, so that "real" attacks will stand out. For port 22, one can either use iptables to drop the connection attempts, or use tcpwrappers and set up a dummy script or even a honeypot to trap the script kiddies.
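As an added example (not part of the thread), the log-noise point above can also be approached by triaging sshd entries per source address so that the few events worth reading stand out from scripted guessing. The sample lines are constructed, and the `triage` function, its `noise_users` threshold and the labels are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the usual OpenSSH sshd syslog format (not from the thread).
SAMPLE_LOG = """\
Jul 21 09:00:01 host sshd[1001]: Failed password for invalid user admin from 203.0.113.5 port 40001 ssh2
Jul 21 09:00:03 host sshd[1002]: Failed password for invalid user test from 203.0.113.5 port 40002 ssh2
Jul 21 09:00:05 host sshd[1003]: Failed password for invalid user oracle from 203.0.113.5 port 40003 ssh2
Jul 21 09:00:07 host sshd[1004]: Failed password for root from 203.0.113.5 port 40004 ssh2
Jul 21 09:14:10 host sshd[1010]: Failed password for alice from 198.51.100.7 port 51000 ssh2
Jul 21 09:14:40 host sshd[1011]: Failed password for alice from 198.51.100.7 port 51001 ssh2
Jul 21 09:15:02 host sshd[1012]: Accepted password for alice from 198.51.100.7 port 51002 ssh2
Jul 21 09:30:00 host sshd[1020]: Accepted publickey for bob from 192.0.2.10 port 52000 ssh2
"""

LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) \S+ for "
    r"(?P<invalid>invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def triage(log_text, noise_users=3):
    """Group sshd auth events by source address and label each source."""
    stats = defaultdict(lambda: {"failed": 0, "invalid": 0, "users": set(), "accepted": 0})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not an sshd password/publickey result line
        s = stats[m["ip"]]
        s["users"].add(m["user"])
        if m["result"] == "Failed":
            s["failed"] += 1
            s["invalid"] += bool(m["invalid"])  # sshd marks nonexistent accounts
        else:
            s["accepted"] += 1
    labels = {}
    for ip, s in stats.items():
        if s["failed"] and s["accepted"]:
            labels[ip] = "review: login succeeded after failures"
        elif len(s["users"]) >= noise_users and s["invalid"]:
            labels[ip] = "noise: scripted username guessing"
        elif s["failed"]:
            labels[ip] = "review: failures against existing account"
        else:
            labels[ip] = "ok"
    return labels

if __name__ == "__main__":
    for ip, label in triage(SAMPLE_LOG).items():
        print(f"{ip:15} {label}")
```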