On Tue, July 22, 2008 09:34, Rudi Ahlers wrote:
> By changing the ports on all our servers to a high (above 1024) port, we
> have eliminated SSH scans altogether - been running like that for a few
> years now without any problems.

The next step up from that is some form of "port knocking" scheme -- where the outsider must first attempt to connect to some particular *other* port to trigger ssh to be ready to listen on the (non-standard) SSH port.

On the other hand, why are people so worried about SSH scans? I'm worried about who actually gets in, not who connects to the port. Strong password quality enforcement, or maybe requiring public-key authentication, seem like a more useful response.

(I'm seeing a lot of failed ssh connects myself right now. Another system here has been blocking every /24 we get a failed connect from, with the result that they had to add a special rule to let my home systems log in! This could easily result in my being unable to get in from arbitrary locations in the field in an emergency, which seems not good.)

--
David Dyer-Bennet, dd-b at dd-b.net; http://dd-b.net/
Snapshots: http://dd-b.net/dd-b/SnapshotAlbum/data/
Photos: http://dd-b.net/photography/gallery/
Dragaera: http://dragaera.info
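The collateral-damage problem with blocking whole /24s, as an added example that is not part of the thread: a small parser over constructed sshd log lines counts failed logins per /24 and flags any /24 that a threshold-based block would cut off even though a legitimate key login came from it. The log format follows OpenSSH's usual "Failed password for ..." / "Accepted publickey for ..." lines; the addresses, user names and threshold are constructed for the example.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample sshd log lines (not from the original thread); 203.0.113.0/24,
# 198.51.100.0/24 and 192.0.2.0/24 are documentation ranges. Note the legitimate
# key-based login from the same /24 as the password-guessing source.
SAMPLE_LOG = """\
Jul 22 09:30:01 host sshd[1201]: Failed password for invalid user admin from 203.0.113.45 port 51234 ssh2
Jul 22 09:30:03 host sshd[1202]: Failed password for invalid user oracle from 203.0.113.45 port 51240 ssh2
Jul 22 09:30:04 host sshd[1203]: Failed password for root from 203.0.113.45 port 51244 ssh2
Jul 22 09:31:10 host sshd[1210]: Accepted publickey for ddb from 203.0.113.200 port 40210 ssh2
Jul 22 09:32:00 host sshd[1220]: Failed password for root from 198.51.100.7 port 33001 ssh2
Jul 22 09:33:30 host sshd[1230]: Accepted publickey for ddb from 192.0.2.9 port 40300 ssh2
"""

LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)

def parse_log(text):
    """Yield (result, method, user, ip) for every sshd auth line that matches."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m.group("result"), m.group("method"), m.group("user"), m.group("ip")

def block_of(ip):
    """The /24 containing `ip`, as a network string such as '203.0.113.0/24'."""
    return str(ipaddress.ip_network(f"{ip}/24", strict=False))

def failed_by_block(text):
    """Count failed logins per source /24."""
    counts = defaultdict(int)
    for result, _, _, ip in parse_log(text):
        if result == "Failed":
            counts[block_of(ip)] += 1
    return dict(counts)

def collateral_blocks(text, threshold=3):
    """/24s that a block-at-threshold rule would cut off although a login succeeded from them."""
    would_block = {b for b, n in failed_by_block(text).items() if n >= threshold}
    accepted = {block_of(ip) for result, _, _, ip in parse_log(text) if result == "Accepted"}
    return sorted(would_block & accepted)

if __name__ == "__main__":
    print(failed_by_block(SAMPLE_LOG))
    print("legitimate logins inside a would-be-blocked /24:", collateral_blocks(SAMPLE_LOG))
```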