John wrote:
> Using a non default port is not the solution, because history has learned
> that security by obscurity never worked.....

It's not "security by obscurity", moving the default port is just to not see
all that garbage in the log files - as the automated scripts don't check for
ssh on different ports than 22. And save CPU cycles by not having to answer to
those requests.

> 1: Use Iptables or other firewall in front of server, to only allow a
> selected group of "trusted" IPs to access the server through SSH.

Well, that is not always possible or wanted.

> 2: Enforce Public / Private key Authentication, so that only the users with
> a valid key can access the server.

And yes, you shouldn't be using ssh with password authentication, true.

Ralph