[CentOS] google cloud compute with PEM file
Keith Keller
kkeller at wombat.san-francisco.ca.us
Wed May 18 03:17:52 UTC 2016
On 2016-05-17, Always Learning <centos at u68.u22.net> wrote:
>
> (1) I would change the port from 22 to something more difficult to
> guess, perhaps 49026 (for example) and then block port 22 in the
> firewall.
>
> (2) Allow to port 49026 (for example) traffic from your IP and block
> traffic from all other IPs.
>
> Do not forget there are people out there desperate to get into your
> computer system, so make it more difficult for them.
If you've blocked access to the sshd port for all but whitelisted IPs,
there's little point in moving sshd to a nonstandard port. If you want
defense in depth, use the cloud firewall, the host firewall, and
something like sshguard, and just leave sshd on port 22.
--keith
--
kkeller at wombat.san-francisco.ca.us
More information about the CentOS
mailing list