On Sat, Nov 19, 2005 at 10:41:52AM -0500, Tony Nelson wrote: > Port obscurity is not much of a strategy. Maybe the current scripts don't > try other ports, but it would be simple enough to add a port scan and then > probe all open ports. Expect it. The only "advantage" I see to a different port is a slightly reduced performance impact from brute force attempts, and cleaner incidence logs. > I suggest one of the secure ways to set up SSH: public key pair or > encrypted passwords. And only allow SSH 2. Public key should be simple > /enough/ to set up; your user would need to make a key with GPG and put the > private key in the right place (I think man ssh tells where) and give you > the public key to put in the right place. Someone mentioned to me in passing the other day, that you can have sshd require both a key, and password authentication. Which sounds kind of neat, because then you don't have to trust that the user has a password on their key. :) Cheers, -danny -- http://dannyman.toldme.com/
