[vox-tech] Why change default ssh port?

Sameer Verma sverma at sfsu.edu
Sat Jun 17 10:14:56 PDT 2006


Ryan wrote:
> On Monday 12 June 2006 12:27 pm, Rick Moen rick-at-linuxmafia.com |lugod| 
> wrote:
>   
>> Quoting Micah J. Cowan (micah at cowan.name):
>>     
>>> This seems a /bit/ harsh. And MB does make a valid point that the ROI on
>>> simply shifting the ports is somewhat impressive.
>>>       
>> "Return" in this context, on a properly maintained and administered
>> system, means "reduce from near-zero to near-zero".
>>
>> Of course, many people in practice measure "return" by "number of lines
>> per logcheck report to obsess over, because I'm really new to this
>> security thing and worry a lot".
>>     
>
> I run SSH on a port that is not 22 as well, for the simple reason that I do 
> not want to see the infernal bot probings show up in my log files on boxes 
> that I cannot firewall to only allow access from specific networks.  And it 
> will prevent wide scale untargeted automated attacks.  Certainly it is no 
> substitute for patching and proper configuring of SSH, but IMHO it is worth 
> doing, as long as you keep in mind that if there's an exploit in SSHd it's 
> not a fix, and at most will prevent the dumber script kiddies from owning 
> your box.
>
>   
While all my machines run sshd on port 22, I have had some level of
success with running DenyHosts. This is Python-based and looks for
patterns of repeated login attempts and failures in the log and places
those hosts in the /etc/hosts.deny file. Interestingly, most IPs on that
list are APNIC ones.

So far, I haven't had any reports of false positives, where a legitimate
user got blocked out for repeat attempts at login with wrong passwords.

http://opensource.sfsu.edu/node/122

Sameer

-- 
Dr. Sameer Verma, Ph.D.
Asst. Professor of Information Systems
San Francisco State University
San Francisco CA 94132 USA
http://verma.sfsu.edu/
http://opensource.sfsu.edu/
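
Added example, not part of the original message and not DenyHosts' own code: a minimal sketch of the log-scanning approach described above, counting failed sshd logins per source address and emitting /etc/hosts.deny entries. The threshold, the reset-on-successful-login rule, the function names and the sample log lines are all assumptions constructed for illustration.

```python
import re
from collections import Counter

THRESHOLD = 3  # assumed value for this sketch, not a DenyHosts default

# The user name in these messages is chosen by the remote side, so the
# patterns anchor on the END of the line and take the last "from <addr>".
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?.* from (\S+) port \d+ ssh2$")
ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted \S+ for .* from (\S+) port \d+ ssh2$")

# Constructed sample log (documentation address ranges, made-up users).
SAMPLE_LOG = """\
Jun 17 10:01:02 host sshd[811]: Failed password for invalid user admin from 203.0.113.5 port 40112 ssh2
Jun 17 10:01:05 host sshd[812]: Failed password for root from 203.0.113.5 port 40113 ssh2
Jun 17 10:02:10 host sshd[820]: Failed password for alice from 198.51.100.7 port 51510 ssh2
Jun 17 10:02:15 host sshd[820]: Failed password for alice from 198.51.100.7 port 51510 ssh2
Jun 17 10:02:21 host sshd[820]: Accepted password for alice from 198.51.100.7 port 51510 ssh2
Jun 17 10:03:00 host sshd[830]: Failed password for invalid user test from 203.0.113.5 port 40120 ssh2
Jun 17 10:09:40 host sshd[841]: Failed password for alice from 198.51.100.7 port 51602 ssh2
"""

def hosts_to_deny(log_text, threshold=THRESHOLD):
    """Return source addresses that reach `threshold` failed logins, in order."""
    failures = Counter()
    denied = []
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            ip = m.group(1)
            failures[ip] += 1
            if failures[ip] == threshold:
                denied.append(ip)
            continue
        m = ACCEPTED.search(line)
        # A successful login clears the count, so a legitimate user who
        # mistyped a password a few times is not blocked later on.
        if m and m.group(1) not in denied:
            failures[m.group(1)] = 0
    return denied

def hosts_deny_lines(ips):
    """Format addresses as TCP-wrappers entries for /etc/hosts.deny."""
    return [f"sshd: {ip}" for ip in ips]

if __name__ == "__main__":
    print("\n".join(hosts_deny_lines(hosts_to_deny(SAMPLE_LOG))))
```

With a lower threshold the address that belongs to the mistyping user is blocked before its successful login is seen, which is the false-positive case mentioned in the message.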

