On Saturday 19 November 2005 06:47, Claude Jones wrote: > Won't simple scans reveal the existence of ssh access on a > non-standard port? Yes. > Is this really much protection? Is it merely a > question of reducing odds? Yes. It'll stop those who use automated scripts that aren't flexible enough to scan for alternative ports. > I need to give access to an associate who gets his dsl ip > address via dhcp, so it's always changing. Do you know what "always changing" means in this context? I too have a few people that log in via an address assigned via dhcp but in practice their address doesn't change but once or twice a year. If this is true in your case a simple exchange of emails to let you know to change the firewall rule for the new address may be the most secure method you're considering. Regards, Mike Klinke
