mouss <mouss at netoyen.net> wrote:

>> If you consider this security through obscurity, then why not publish the list of your users on a public web page? after all, you should use strong passwords, so why hide usernames? <<

Usernames are comparatively hard to guess, and chosen from a large space - although email addresses often provide a huge clue. By contrast, there are only 64K port numbers (and only 1K privileged ports, all of which will be scanned by default with nmap) - and to make it worse, the attacker only has to telnet or nc to a port and sshd will obligingly send back its version number and protocol version info as plaintext. So, the added "obscurity" is effectively zero.

I sort of half-buy the log volume/noise argument, but rate-limiting and good analysis tools deal with this as well. And it does nothing for the stress level, since the serious adversary will see through your non-standard port number in seconds.

Best,

--- Les Bell, RHCE, CISSP
[http://www.lesbell.com.au]
Tel: +61 2 9451 1144
FreeWorldDialup: 800909
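
The plaintext greeting mentioned in the message above, as an added example that is not part of the original post: a loopback stand-in for sshd on an OS-chosen port sends a constructed identification string, and a client parses it using the RFC 4253 format. The banner `ExampleSSH_1.0` and all function names are assumptions made for illustration.

```python
import re
import socket
import threading

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF"
IDENT_RE = re.compile(
    r"^SSH-(?P<proto>[^-\s]+)-(?P<software>\S+)(?: (?P<comments>.*))?$")

def parse_ident(line: bytes):
    """Parse an SSH identification string; return None if it is not one."""
    if len(line) > 255:  # RFC 4253 caps the line at 255 bytes including CR LF
        return None
    text = line.rstrip(b"\r\n").decode("ascii", errors="replace")
    m = IDENT_RE.match(text)
    if not m:
        return None
    return {"proto": m["proto"], "software": m["software"],
            "comments": m["comments"]}

def serve_once(listener, banner: bytes):
    """Stand-in for sshd: send the banner to one client, then close."""
    conn, _ = listener.accept()
    with conn:
        conn.sendall(banner)

def first_line_from(port: int, timeout: float = 2.0) -> bytes:
    """What any TCP client sees on connect, before authentication starts."""
    with socket.create_connection(("127.0.0.1", port), timeout=timeout) as s:
        return s.makefile("rb").readline(256)

def loopback_demo(banner: bytes = b"SSH-2.0-ExampleSSH_1.0 constructed\r\n"):
    """Listen on an OS-chosen (non-22) loopback port and read the greeting."""
    with socket.socket() as listener:
        listener.bind(("127.0.0.1", 0))  # port 0: let the OS pick any free port
        listener.listen(1)
        port = listener.getsockname()[1]
        t = threading.Thread(target=serve_once, args=(listener, banner))
        t.start()
        line = first_line_from(port)
        t.join()
    return port, parse_ident(line)

if __name__ == "__main__":
    port, ident = loopback_demo()
    print(f"port {port}: {ident}")
```

Whatever port the listener lands on, the first line identifies the protocol and software, which is why auditing what your own sshd announces is more useful than relying on the port number.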