On 2016-05-17, Always Learning <centos at u68.u22.net> wrote: > > (1) I would change the port from 22 to something more difficult to > guess, perhaps 49026 (for example) and then block port 22 in the > firewall. > > (2) Allow to port 49026 (for example) traffic from your IP and block > traffic from all other IPs. > > Do not forget there are people out there desperate to get into your > computer system, so make it more difficult for them. If you've blocked access to the sshd port for all but whitelisted IPs, there's little point in moving sshd to a nonstandard port. If you want defense in depth, use the cloud firewall, the host firewall, and something like sshguard, and just leave sshd on port 22. --keith -- kkeller at wombat.san-francisco.ca.us