[CentOS] Securing SSH wiki article outdated

Always Learning

centos at u64.u22.net
Fri Feb 13 21:02:26 UTC 2015

On Fri, 2015-02-13 at 11:21 -0500, m.roth at 5-cent.us wrote:

> I disagree - I am in the "waste of time" camp. The reality is that only
> script kiddies start out by trying 22 (and I *do* mean script kiddies -
> I've seen attempts to ssh in that were obviously from warez, man, where
> they were too stupid to fill in ___ with a username, or salt. All the
> others, I figure they don't need to be major league, just someone with a
> clue, who'll run a scan; in fact, I'd expect them to run a scan just to
> see what IPs were visible, and I know that if I was writing a scan, I
> don't assume that I'm *so* brilliant that I'm the only one to think of
> scanning ports < 1k while looking for systems that I might hit.

Changing SSH port to a non-standard port is the beginning. Restricting
access to that port to a few IPs is another layer of protection .... and
then more things are done to lessen the chances of unauthorised access.


England, EU.      Je suis Charlie.

More information about the CentOS mailing list