[CentOS] Securing SSH wiki article outdated

Fri Feb 13 21:02:26 UTC 2015
Always Learning <centos at u64.u22.net>

On Fri, 2015-02-13 at 11:21 -0500, m.roth at 5-cent.us wrote:

> I disagree - I am in the "waste of time" camp. The reality is that only
> script kiddies start out by trying 22 (and I *do* mean script kiddies -
> I've seen attempts to ssh in that were obviously from warez, man, where
> they were too stupid to fill in ___ with a username, or salt. All the
> others, I figure they don't need to be major league, just someone with a
> clue, who'll run a scan; in fact, I'd expect them to run a scan just to
> see what IPs were visible, and I know that if I was writing a scan, I
> don't assume that I'm *so* brilliant that I'm the only one to think of
> scanning ports < 1k while looking for systems that I might hit.

Changing SSH port to a non-standard port is the beginning. Restricting
access to that port to a few IPs is another layer of protection .... and
then more things are done to lessen the chances of unauthorised access.


-- 
Regards,

Paul.
England, EU.      Je suis Charlie.