Steve Siegfried wrote:
Changing ports for ssh isn't actually that hot of an idea. Most port scanners can detect ssh implementations since they normally self-identify. For example, if you're running ssh on the normal port (22), try executing: /usr/bin/telnet YOUR.HOST.IP.ADDR 22 and see what pops out. Hope this helps'idly, -S
Changing SSH ports on my server yielded a 100% drop (yes...100%) in routine script attacks. I still have the usual people checking for phpMyAdmin stuff as well as the others, but nothing comes through on SSH now. And yes, when I did it I heard the whole "security through obscurity is not security" BS but the results cannot be argued with. In summation, CHANGE YOUR SSH PORT. It will work and cut down if not eliminate the script kiddies. Then when someone really starts knocking on your SSH door, it will not be lost in all of the "noise" from the scripters.
Patrick