[CentOS] Securing SSH

Wed Mar 26 11:31:16 UTC 2008
Kai Schaetzl <maillists at conactive.com>

Robert Spangler wrote on Tue, 25 Mar 2008 20:33:02 -0400:

> Is an option but a waste of time as a scanner will find the port it was moved 
> to.

It's not a waste. Port scanning takes time, so, in general, those brute-force 
bots just try port 22. Only if someone really wants to hack you, and especially 
you, will they go any further.
I changed the port on one of my machines because I had to provide SSH access
from other nets as well. I have to admit I also reduced accessibility to a few 
hundred thousand IP numbers from two big providers. Since then (years ago) I 
haven't seen any brute-force attacks.

> The idea of only allowing for strict ip address is good but what if you are on 
> the move?

If you have a static IP address, this is not a problem. You VPN into your home 
LAN and from there to the restricted machine.

Kai

-- 
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
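
An added example, not part of the original post: one way to check from sshd logs whether a source-range restriction like the one described above is holding. The networks (documentation ranges), the log lines and the threshold are constructed assumptions, and `audit` is a hypothetical helper name.

```python
import ipaddress
import re
from collections import Counter

# Assumed allowlist: documentation ranges standing in for the provider
# networks that the firewall is supposed to let through to sshd.
ALLOWED_NETS = [ipaddress.ip_network(n)
                for n in ("198.51.100.0/24", "203.0.113.0/24")]

# OpenSSH logs failed logins as "Failed password for [invalid user] NAME from IP port N".
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

# Constructed sample log lines (not from a real host).
SAMPLE_LOG = """\
Mar 26 03:10:01 host sshd[2101]: Failed password for invalid user admin from 192.0.2.50 port 40001 ssh2
Mar 26 03:10:04 host sshd[2103]: Failed password for root from 192.0.2.50 port 40007 ssh2
Mar 26 09:15:22 host sshd[2200]: Failed password for root from 198.51.100.7 port 51000 ssh2
Mar 26 09:15:25 host sshd[2201]: Failed password for root from 198.51.100.7 port 51002 ssh2
Mar 26 09:15:29 host sshd[2202]: Failed password for invalid user test from 198.51.100.7 port 51004 ssh2
Mar 26 10:02:11 host sshd[2300]: Failed password for kai from 203.0.113.9 port 42000 ssh2
Mar 26 10:02:30 host sshd[2301]: Accepted password for kai from 203.0.113.9 port 42001 ssh2
"""

def audit(log_text, allowed=ALLOWED_NETS, threshold=3):
    """Return (failures from outside the allowlist, allowlisted sources at or over threshold)."""
    outside, inside = Counter(), Counter()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if not m:
            continue  # not a failed-password line
        try:
            src = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # hostname or malformed address; skip it
        bucket = inside if any(src in net for net in allowed) else outside
        bucket[str(src)] += 1
    # Repeated failures from an allowed range suggest brute forcing from inside it.
    suspects = {ip: n for ip, n in inside.items() if n >= threshold}
    return dict(outside), suspects

if __name__ == "__main__":
    leaked, suspects = audit(SAMPLE_LOG)
    print("reached sshd from outside the allowlist:", leaked)
    print("repeated failures inside the allowlist:", suspects)
```

Any entry in the first result means the restriction is not being enforced in front of sshd; entries in the second are sources the allowlist permits but that still warrant a look.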