On 2/19/11 8:45 AM, Rick Sewill wrote: > On Saturday, February 19, 2011 04:28:11 am Anne Wilson wrote: >> On Saturday 19 February 2011 10:20:30 Tim wrote: >>> On Fri, 2011-02-18 at 16:07 -0500, Alex wrote: >>>> I'd like to move it to a higher port to avoid the normal doorknob >>>> rattling that occurs with ssh running on a public server. >>> Even with it on a different port, you'd probably want to implement some >>> firewalling that auto-bans an IP after few failed attempts. That stops >>> them from continually trying to get through. >>> >>> I think there was a package called fail2ban, or something similar, that >>> did that automatically. >> Fail2ban is easy to set up, and I've seen it stop attempts here. >> >> Anne > The one time I suffered a rootkit on Linux was when someone > used a bug in ssh to get into my system. Fortunately, for me, > I discovered the rootkit within hours of it happening and reloaded. > > I am paranoid about ssh and welcome suggestions that increase my ssh > security configuration, in particular, and overall security, in general. Sounds like you have a good security policy. Scan often is one thing that it appears you do as you caught the compromise of your system quickly. No system on the Internet is totally secure, and you applied that policy well. James McKenzie -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines