Blocking SSH access based on bad logins?

krad kraduk at gmail.com
Tue Aug 25 14:22:32 UTC 2015


It's true moving the port will help, as most of the stuff that hits you will
be automated scans. Fail2ban also works well in my experience. However,
proper firewall ACLs and disabling password-based auth is a better way to
go, but none of these things are mutually exclusive. Remember security is
like an onion.

On 25 August 2015 at 14:52, Matt Smith <fbsd at xtaz.co.uk> wrote:

> On Aug 25 16:29, Reko Turja wrote:
>
>> IMO switching SSH port is security by obscurity, a determined attacker will
>> eventually find the altered port if so inclined.
>>
>
> I agree that it is security by obscurity but when I ran SSH on port 22 it
> was syslogging at least several hundred login attempts every day, currently
> I run it on port 422 and it's never had one single login attempt that
> wasn't myself. Obviously you have to make sure it's also secure regardless
> which I do by requiring that the login is either with a key, or if with a
> password it also requires a one-time-password 6 digit code read from an app
> on my phone.
>
> So if all the login attempts bother you, moving the port certainly works.
> Just make sure you also keep it secure in other ways.
>
> --
> Matt
>
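
The approach in the thread's subject, blocking an address after repeated bad logins (the job Fail2ban is mentioned for above), as an added example that is not part of the original posts and is not Fail2ban's own code. It assumes OpenSSH's usual "Failed password" syslog lines; the names `find_offenders`, `max_retry` and `find_time` are chosen here, and the sample log is constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# The user name is attacker-controlled and may itself contain
# " from <ip> port <n> ssh2", so match greedily and anchor at the end of
# the line: only the last "from ... port ..." is the real peer address.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\s"
    r"Failed password for (?:invalid user )?.* from (?P<ip>\S+) port \d+ ssh2$"
)

def find_offenders(lines, max_retry=3, find_time=600, year=2015):
    """Return {ip: time of the failure that reached max_retry in find_time s}."""
    window = timedelta(seconds=find_time)
    recent = defaultdict(deque)          # ip -> timestamps of recent failures
    banned = {}
    for line in lines:
        m = FAILED.match(line.rstrip())
        if not m or m["ip"] in banned:
            continue
        # Syslog timestamps carry no year, so one is assumed.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:        # forget failures outside the window
            q.popleft()
        if len(q) >= max_retry:
            banned[m["ip"]] = ts
    return banned

# Constructed sample log (documentation address ranges, made-up PIDs).
SAMPLE_LOG = """\
Aug 25 14:00:01 host sshd[1001]: Failed password for root from 203.0.113.5 port 40001 ssh2
Aug 25 14:00:03 host sshd[1002]: Failed password for invalid user admin from 203.0.113.5 port 40002 ssh2
Aug 25 14:00:04 host sshd[1003]: Accepted publickey for matt from 192.0.2.10 port 50000 ssh2
Aug 25 14:00:06 host sshd[1004]: Failed password for invalid user test from 203.0.113.5 port 40003 ssh2
Aug 25 14:05:00 host sshd[1005]: Failed password for matt from 198.51.100.7 port 41000 ssh2
Aug 25 14:30:00 host sshd[1006]: Failed password for matt from 198.51.100.7 port 41001 ssh2
Aug 25 14:55:00 host sshd[1007]: Failed password for matt from 198.51.100.7 port 41002 ssh2
""".splitlines()

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"block {ip} (threshold reached at {when})")
```

The three failures from 198.51.100.7 are spread over 50 minutes, so they never fall inside one 10-minute window and that address is not blocked.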

