On Tuesday 05 April 2011 11:27:49 Rudi Ahlers wrote: > On Tue, Apr 5, 2011 at 10:17 AM, John Hodrien <J.H.Hodrien at leeds.ac.uk> wrote: > > On Tue, 5 Apr 2011, rrichard at blythe.org wrote: > >> 1) Move sshd to another > >> port, one higher than 5000 > > > > I'd have mixed feelings about the Wisdom of running on a non-reserved > > port. > > Why, > > We've been running SSH on hundreds of servers on a port higher than > 5000 for year now and no problems at all. I'm also running ssh on non standard port for more then 7 years and this is on a couple of thousend servers. Its not a problem if you simply add 'Port XXX' to your ~/.ssh/config . However, the traffic to ssh has reduced with only 40%. In the begining it was very good, we were surprised, how almost all failed attempts dissapeared. But in the following months that number increased and reached 60-65% of the original number. Introducing a Hawk helped us a lot. Tools like Hawk and fail2ban are quite useful, actually only thinks like that have good impact on the bruteforce attempts. Regards, Marian Marinov -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: This is a digitally signed message part. URL: <http://lists.centos.org/pipermail/centos/attachments/20110405/ec71f82e/attachment-0003.sig>