Need urgent help regarding security

Marian Hettwer MH at kernel32.de
Mon Nov 21 00:33:16 PST 2005


Hi there,

ray at redshift.com wrote:
> 
> Also, if you have access to the router, it's handy to re-write traffic from a
> higher public port down to port 22 on the server, since that will trip up anyone
> doing scans looking for a connect on port 22 across a large number of IP's.
>
No. That's security by obscurity and doesn't make your system even a wee 
bit more secure.
Disable root login via ssh (like already mentioned), enforce public-key 
authentication and maybe even go with OPIE.

> Anyway, just a couple of ideas I thought might be helpful while on the subject
> of SSH hardening :-)
>
all of them were about hardening, except the security by obscurity 
"put-the-sshd-on-another-port" advice ;)
don't do that.

Regards,
Marian


More information about the freebsd-security mailing list