Blocking SSH access based on bad logins?
Polytropon
freebsd at edvax.de
Tue Aug 25 14:35:07 UTC 2015
On Tue, 25 Aug 2015 14:52:58 +0100, Matt Smith wrote:
> On Aug 25 16:29, Reko Turja wrote:
> >IMO switching the SSH port is security by obscurity; a determined attacker
> >will eventually find the altered port if so inclined.
>
> I agree that it is security by obscurity but when I ran SSH on port 22
> it was syslogging at least several hundred login attempts every day;
> currently I run it on port 422 and it's never had one single login
> attempt that wasn't myself.
You could say that changing the SSH port is "reducing line noise".
A hacker can always run a port scan and find out what port you're
actually running SSH on. But most "wide range attacks", usually
run from fleets of zombie "Windows" PCs, do not do this.
Sophisticated attackers _will_ do it. So it's not really an obstacle.
> Obviously you have to make sure it's also
> secure regardless which I do by requiring that the login is either with
> a key, or if with a password it also requires a one-time-password 6
> digit code read from an app on my phone.
"Having been moved" and "being secure" are two totally different
categories. Never confuse. :-)
--
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...