Re: tightening ssh

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 11/19/05, Claude Jones <claude_jones@xxxxxxxxxxxxxx> wrote:
> I've been reading up, and talking up, various security strategies. One thing
> that is striking to me in looking at logs for my servers are the endless ssh
> probes that go on. It appears to be one of the most common. Up till recently,
> I had dealt with this by using firewall rules to allow ssh access only to
> selected ip addresses - to all others, the port appears closed (I checked
> this with port scans). Now, I must change strategies. I need to give access
> to an associate who gets his dsl ip address via dhcp, so it's always
> changing. I'm not quite ready to try port knocking, so, the other suggestion
> I read over and over is to provide ssh on a non-standard port. So, I throw
> this out to the collective experience - what's your take on that strategy?
> Won't simple scans reveal the existence of ssh access on a non-standard port?
> Is this really much protection? Is it merely a question of reducing odds?
>

http://developedtraffic.com/2005/06/19/server-ssh-login-attempt-throttle/

Be advised that there are some bugs associated with iptable's "recent"
module.  You should research these bugs before implementing.

--
Jiann-Ming Su
"I have to decide between two equally frightening options.
 If I wanted to do that, I'd vote." --Duckman
"The system's broke, Hank.  The election baby has peed in
the bath water.  You got to throw 'em both out."  --Dale Gribble


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux