On Tue, July 22, 2008 11:57, MHR wrote:
> On Tue, Jul 22, 2008 at 8:16 AM, David Dyer-Bennet <dd-b@dd-b.net> wrote:
>> The next step up from that is some form of "port knocking" scheme -- where the outsider must first attempt to connect to some particular *other* port to trigger ssh to be ready to listen on the (non-standard) SSH port.
>> On the other hand, why are people so worried about SSH scans? I'm worried about who actually gets in, not who connects to the port. Strong password quality enforcement, or maybe requiring public-key authentication, seems like a more useful response. (I'm seeing a lot of failed ssh connects myself right now. Another system here has been blocking every /24 we get a failed connect from, with the result that they had to add a special rule to let my home systems log in! This could easily result in my being unable to get in from arbitrary locations in the field in an emergency, which seems not good.)
> You have, perhaps, heard of denial-of-service attacks?
Yes, but if there are *any* ports exposed, seems like those are equally possible. For that matter, if my ports were all closed, they could still be sending enough packets up my link that I was DoSed pretty much into oblivion.
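The port-knocking scheme described in the quoted message, as an added example that is not part of the original thread or of any knock daemon: a small in-memory gate that watches connection attempts (source IP, destination port, time) and only lets a source reach the SSH port after it has hit the knock ports in order within a time window. The knock sequence (7000, 8000, 9000), the non-standard SSH port 2222, the window and open durations, and the TEST-NET addresses in the demo are all assumed values chosen for illustration; a real deployment would drive a firewall rule from the same decisions rather than return strings.

```python
"""Toy port-knocking gate (illustrative example, not a real firewall)."""

# Assumed parameters for the example; a real setup would pick its own.
KNOCK_SEQUENCE = (7000, 8000, 9000)  # ports that must be hit, in this order
SSH_PORT = 2222                      # the (non-standard) SSH port being protected
KNOCK_WINDOW = 10.0                  # seconds allowed to complete the whole sequence
OPEN_DURATION = 30.0                 # seconds the SSH port stays open afterwards


class KnockGate:
    """Tracks per-source knock progress and decides accept/drop for each SYN."""

    def __init__(self, sequence=KNOCK_SEQUENCE, ssh_port=SSH_PORT,
                 window=KNOCK_WINDOW, open_for=OPEN_DURATION):
        self.sequence = tuple(sequence)
        self.ssh_port = ssh_port
        self.window = window
        self.open_for = open_for
        self.progress = {}  # src_ip -> (index of next expected knock, deadline)
        self.opened = {}    # src_ip -> time at which the opening expires

    def observe(self, src_ip, dst_port, now):
        """Return "accept" if this connection attempt should pass, else "drop"."""
        if dst_port == self.ssh_port:
            expires = self.opened.get(src_ip)
            if expires is not None and now < expires:
                return "accept"
            # Expired or never knocked: close it and forget partial progress, so a
            # scanner that probes the SSH port mid-sequence has to start over.
            self.opened.pop(src_ip, None)
            self.progress.pop(src_ip, None)
            return "drop"

        idx, deadline = self.progress.get(src_ip, (0, 0.0))
        if idx and now > deadline:
            idx = 0  # took too long: the sequence starts again from scratch

        if dst_port != self.sequence[idx]:
            if dst_port == self.sequence[0]:
                # A repeated first knock restarts the sequence rather than killing it.
                self.progress[src_ip] = (1, now + self.window)
            else:
                # Wrong port (e.g. a sequential scan hitting 7001 after 7000): reset.
                self.progress.pop(src_ip, None)
            return "drop"

        if idx == 0:
            deadline = now + self.window
        idx += 1
        if idx == len(self.sequence):
            self.opened[src_ip] = now + self.open_for
            self.progress.pop(src_ip, None)
        else:
            self.progress[src_ip] = (idx, deadline)
        # Knock packets themselves are always dropped; only the SSH port ever opens.
        return "drop"


def simulate(events, gate=None):
    """Feed (src_ip, dst_port, t) events through a gate and return the decisions."""
    gate = gate or KnockGate()
    return [gate.observe(ip, port, t) for ip, port, t in events]


if __name__ == "__main__":
    # Constructed sample traffic (addresses from the RFC 5737 documentation ranges).
    legit = [("203.0.113.5", 2222, 0.0),   # unknocked SSH attempt: drop
             ("203.0.113.5", 7000, 1.0),
             ("203.0.113.5", 8000, 2.0),
             ("203.0.113.5", 9000, 3.0),
             ("203.0.113.5", 2222, 4.0),   # accept
             ("203.0.113.5", 2222, 40.0)]  # opening expired: drop
    scanner = [("198.51.100.9", p, 0.5 * i)
               for i, p in enumerate((22, 2222, 7000, 7001, 8000, 9000, 2222))]
    for name, events in (("legit", legit), ("scanner", scanner)):
        print(name, simulate(events))
```

The gate is deliberately stateful per source address: the same decision logic could be expressed with the iptables `recent` module or a knock daemon, but the state machine (ordered ports, a deadline, a short open window, reset on a wrong or mistimed knock) is what makes a plain port sweep unable to stumble into the SSH port.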