On Tue, Jul 22, 2008 at 8:16 AM, David Dyer-Bennet <dd-b at dd-b.net> wrote:
>
> The next step up from that is some form of "port knocking" scheme -- where
> the outsider must first attempt to connect to some particular *other* port
> to trigger ssh to be ready to listen on the (non-standard) SSH port.
>
> On the other hand, why are people so worried about SSH scans? I'm worried
> about who actually gets in, not who connects to the port. Strong password
> quality enforcement, or maybe requiring public-key authentication, seem
> like a more useful response. (I'm seeing a lot of failed ssh connects
> myself right now. Another system here has been blocking every /24 we get
> a failed connect from, with the result that they had to add a special rule
> to let my home systems log in! This could easily result in my being
> unable to get in from arbitrary locations in the field in an emergency,
> which seems not good.)

You have, perhaps, heard of denial-of-service attacks?

mhr