limit number of ssh connections

Robert Bonomi bonomi at mail.r-bonomi.com
Tue Sep 20 02:08:22 UTC 2011


> From owner-freebsd-questions at freebsd.org  Mon Sep 19 19:12:32 2011
> From: merlyn at stonehenge.com (Randal L. Schwartz)
> To: Paul Macdonald <paul at ifdnrg.com>
> Date: Mon, 19 Sep 2011 17:12:14 -0700
> Cc: James Strother <jstrother9109 at gmail.com>, freebsd-questions at freebsd.org
> Subject: Re: limit number of ssh connections
>
> >>>>> "Paul" == Paul Macdonald <paul at ifdnrg.com> writes:
>
> Paul> in my experience running ssh on a high port cuts the amount of
> Paul> unwanted ssh connections to approximately zero, in fact i got a 
> Paul> surprise when seeing a sec log from a box which i hadn't done this 
> Paul> for
>
> I run sshd on 443 (for firewall-bending reasons), and the only 
> connections I see there are people trying to break into the web.  Never 
> an actual sshd hit. :)

A wise man said: "this belongs in the "security for dummies" pile right
along with "turning off your SSID announce" and "use MAC address filtering"
when people talk about wifi "security".  All three are useless and give you 
a false sense of having "increased" security.

It is worthy of note that 'merely' running sshd on an 'unconventional'
port provides _less_ of an increase in security than portknocking does. :)

That said, _I_ also run sshd on the "well-known port" for unrelated services.
*NOT* because I have a belief it provides any increase in security -- it
_doesn't_ -- but simply to eliminate the script-kiddie 'doorknob rattling'
'clutter' from the logs, making it far easier to see a truly 'targeted'
attempt.  'Clutter elimination' makes it -- *or* portknocking -- "worth
doing" even though neither provides any "measurable" increase in 'real'
security.
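An added example, not from the thread, of doing the 'clutter elimination' in the log itself rather than by moving the port: the sshd log lines and the set of local account names are constructed assumptions; the code separates sources that only guess nonexistent accounts (doorknob rattling) from sources whose failures name accounts that really exist on the host, which is the 'targeted' case the post wants to be able to see.

```python
import re
from collections import defaultdict

# Constructed sample of sshd "Failed password" lines (not taken from any real host).
SAMPLE_LOG = """\
Sep 19 19:01:02 host sshd[1201]: Failed password for invalid user admin from 203.0.113.10 port 51022 ssh2
Sep 19 19:01:05 host sshd[1203]: Failed password for invalid user oracle from 203.0.113.10 port 51030 ssh2
Sep 19 19:01:09 host sshd[1205]: Failed password for invalid user test from 203.0.113.10 port 51041 ssh2
Sep 19 19:02:11 host sshd[1210]: Failed password for root from 198.51.100.7 port 40122 ssh2
Sep 19 19:02:14 host sshd[1212]: Failed password for alice from 198.51.100.7 port 40130 ssh2
Sep 19 19:03:20 host sshd[1220]: Accepted publickey for alice from 192.0.2.5 port 50011 ssh2
"""

# Matches one failed-password event; the optional "invalid user " prefix is what
# sshd emits when the account does not exist at all.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port"
)


def classify_sources(log_text, local_users):
    """Per source IP: failures against nonexistent accounts vs. real local accounts."""
    stats = defaultdict(lambda: {"invalid": 0, "valid_user": 0, "targets": set()})
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if not m:
            continue  # successful logins and unrelated lines are not failures
        user, src = m.group(1), m.group(2)
        if user in local_users:
            stats[src]["valid_user"] += 1
            stats[src]["targets"].add(user)
        else:
            stats[src]["invalid"] += 1
    return dict(stats)


def targeted_sources(stats):
    """Sources whose failures name accounts that actually exist on this host."""
    return sorted(src for src, s in stats.items() if s["valid_user"] > 0)


if __name__ == "__main__":
    # Assumed set of accounts present on the host (constructed for the example).
    summary = classify_sources(SAMPLE_LOG, {"root", "alice"})
    for src, s in sorted(summary.items()):
        print(src, "invalid:", s["invalid"], "real accounts:", sorted(s["targets"]))
    print("targeted sources:", targeted_sources(summary))
```

Feeding a real log through this requires the host's actual account list (for example from the passwd database) in place of the constructed set.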
