Blocking SSH access based on bad logins?

Polytropon freebsd at
Tue Aug 25 14:35:07 UTC 2015

On Tue, 25 Aug 2015 14:52:58 +0100, Matt Smith wrote:
> On Aug 25 16:29, Reko Turja wrote:
> >IMO switching SSH port is security by obscurity, determined attacker 
> >will eventually find the altered port if so inclined.
> I agree that it is security by obscurity but when I ran SSH on port 22 
> it was syslogging at least several hundred login attempts every day, 
> currently I run it on port 422 and it's never had one single login 
> attempt that wasn't myself.

You could say that changing the SSH port is "reducing line noise".
A hacker can always run a port scan and find out what port you're
actually running SSH on. But most "wide range attacks", usually
run from fleets of zombie "Windows" PCs, do not do this. Sophisti-
cated attackers _will_ do it. So it's not really an obstacle.

> Obviously you have to make sure it's also 
> secure regardless which I do by requiring that the login is either with 
> a key, or if with a password it also requires a one-time-password 6 
> digit code read from an app on my phone.

"Having been moved" and "being secure" are two totally different
categories. Never confuse. :-)

Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...

More information about the freebsd-questions mailing list