[CentOS] Securing SSH wiki article outdated
Always Learning
centos at u64.u22.net
Fri Feb 13 15:05:42 UTC 2015
On Fri, 2015-02-13 at 09:46 -0500, Lamar Owen wrote:
> On 02/13/2015 09:15 AM, Chris Adams wrote:
> > Yeah, the old "move stuff to alternate ports" thing is largely a waste
> > of time and just makes it more difficult for legitimate use. With
> > large bot networks and tools like zmap, finding services on alternate
> > ports is not that hard for the "bad guys".
> Having SSH on 22 is lower-hanging fruit than having SSH on a different
> port. Sure, an NBA all-star will be able to reach the apples at the top
> of the tree easily, but most people are not NBA all-stars. Most
> port-scanners do not scan all possible ports.
>
> And I am fully aware that people in the 'it's a waste of time' camp are
> unmoved by that. It's not worth arguing about; those who move to
> non-standard ports are going to want to do it anyway.

Lamar's comments are very sensible.

I always change the SSH port to something conspicuously different. Every
server has a different and difficult-to-guess SSH port number with
access restricted to a few IP addresses.

Waste of time = all the time and energy required to clean up after a
hacker's breach when a few seconds' work selecting a different port could
make a beneficial improvement to security.

--
Regards,
Paul.
England, EU. Je suis Charlie.