On Fri, 2015-02-13 at 11:21 -0500, m.roth@5-cent.us wrote:
I disagree - I am in the "waste of time" camp. The reality is that only script kiddies start out by trying 22 (and I *do* mean script kiddies - I've seen attempts to ssh in that were obviously from warez, man, where they were too stupid to fill in ___ with a username, or salt). All the others, I figure they don't need to be major league, just someone with a clue, who'll run a scan; in fact, I'd expect them to run a scan just to see what IPs were visible, and I know that if I was writing a scan, I don't assume that I'm *so* brilliant that I'm the only one to think of scanning ports < 1k while looking for systems that I might hit.
Changing the SSH port to a non-standard port is the beginning. Restricting access to that port to a few IPs is another layer of protection ... and then more things are done to lessen the chances of unauthorised access.