ssh Access from the internet

Christopher Browne cbbrowne-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Mon May 12 22:15:06 UTC 2008


On Mon, May 12, 2008 at 5:48 PM, Ansar Mohammed <ansarm-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org> wrote:
> I am getting increasingly annoyed with the random bots brute forcing ssh on
> my public IPs. What do you guys use?

Well, if you configure ssh to reject password-based access, then
there's no way for them to "brute force" anything.

Shifting the incoming service to some non-standard port number, and
blocking ports 22 and 23 would also be a pretty useful idea.  It
doesn't forcibly improve security against an *intent* adversary, but
it should certainly suffice against the bots and "script kiddies."

Another idea that has sometimes worked (haven't used it lately) is to
hide ssh in some higher portion of the port range, and put sniffers on
adjacent ports so that if someone is scanning you, the sniffers can
notice this, and block the adversaries.  That doesn't guarantee
security, but makes it much more improbable for someone that doesn't
have a big block of IP addresses to come from...
-- 
http://linuxfinances.info/info/linuxdistributions.html
"The definition of insanity is doing the same thing over and over and
expecting different results." -- assortedly attributed to Albert
Einstein, Benjamin Franklin, Rita Mae Brown, and Rudyard Kipling
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
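
The adjacent-port idea from the message above, sketched as an added example that is not part of the original post: it reads firewall log lines and lists sources that touched ports next to the hidden sshd port. The port numbers, allowlist range, threshold and the simplified iptables-style log lines are all assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

SSH_PORT = 22022                               # assumed non-standard sshd port
DECOY_PORTS = {22020, 22021, 22023, 22024}     # assumed adjacent ports, no real service
ALLOWLIST = [ipaddress.ip_network("198.51.100.0/28")]  # assumed admin range, never blocked
THRESHOLD = 2                                  # distinct decoy ports before blocking

# Constructed, simplified iptables LOG lines (documentation addresses only).
SAMPLE_LOG = """\
May 12 22:01:10 gw kernel: IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40112 DPT=22020 SYN
May 12 22:01:10 gw kernel: IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40113 DPT=22021 SYN
May 12 22:01:11 gw kernel: IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40114 DPT=22022 SYN
May 12 22:01:11 gw kernel: IN=eth0 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40115 DPT=22023 SYN
May 12 22:03:40 gw kernel: IN=eth0 SRC=203.0.113.99 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=22022 SYN
May 12 22:05:02 gw kernel: IN=eth0 SRC=203.0.113.50 DST=192.0.2.10 PROTO=TCP SPT=33001 DPT=22023 SYN
May 12 22:06:15 gw kernel: IN=eth0 SRC=198.51.100.5 DST=192.0.2.10 PROTO=TCP SPT=60001 DPT=22021 SYN
May 12 22:06:16 gw kernel: IN=eth0 SRC=198.51.100.5 DST=192.0.2.10 PROTO=TCP SPT=60002 DPT=22023 SYN
May 12 22:07:30 gw kernel: IN=eth0 SRC=203.0.113.80 DST=192.0.2.10 PROTO=UDP SPT=5353 DPT=22020
May 12 22:07:31 gw kernel: IN=eth0 SRC=203.0.113.80 DST=192.0.2.10 PROTO=UDP SPT=5353 DPT=22021
"""

LINE_RE = re.compile(r"SRC=(\S+) .*?PROTO=TCP .*?DPT=(\d+)")

def scanners(log_text, threshold=THRESHOLD):
    """Return sorted source IPs that probed >= threshold distinct decoy ports."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue                  # not a TCP log line we understand
        try:
            src = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue                  # malformed address field
        port = int(m.group(2))
        # Connections to SSH_PORT itself are never counted; allowlisted
        # sources are skipped so a mistyped port cannot lock out an admin.
        if port in DECOY_PORTS and not any(src in net for net in ALLOWLIST):
            hits[src].add(port)
    return sorted(str(ip) for ip, ports in hits.items() if len(ports) >= threshold)

if __name__ == "__main__":
    print(scanners(SAMPLE_LOG))
```

Counting distinct decoy ports rather than raw hits keeps a single mistyped port from a legitimate user below the threshold, while a sequential sweep across the range crosses it immediately.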




