[CentOS] Securing SSH wiki article outdated

Always Learning centos at u64.u22.net
Fri Feb 13 15:05:42 UTC 2015


On Fri, 2015-02-13 at 09:46 -0500, Lamar Owen wrote:

> On 02/13/2015 09:15 AM, Chris Adams wrote:
> > Yeah, the old "move stuff to alternate ports" thing is largely a waste 
> > of time and just makes it more difficult for legitimate use. With 
> > large bot networks and tools like zmap, finding services on alternate 
> > ports is not that hard for the "bad guys". 

> Having SSH on 22 is lower-hanging fruit than having SSH on a different 
> port.  Sure, an NBA all-star will be able to reach the apples at the top 
> of the tree easily, but most people are not NBA all-stars.  Most 
> port-scanners do not scan all possible ports.
> 
> And I am fully aware that people in the 'it's a waste of time' camp are 
> unmoved by that.  It's not worth arguing about; those who move to 
> non-standard ports are going to want to do it anyway.

Lamar's comments are very sensible.

I always change the SSH port to something conspicuously different. Every
server has a different and difficult to guess SSH port number with
access restricted to a few IP addresses.

Waste of time = all the time and energy required to clean up after a
hacker's breach when a few seconds' work selecting a different port could
make a beneficial improvement to security.

-- 
Regards,

Paul.
England, EU.      Je suis Charlie.




