[Tfug] Stopping repeated login attempts

brandon brandons.daemon at gmail.com
Wed Jan 27 18:58:10 MST 2010


On Wed, Jan 27, 2010 at 6:36 PM, Bexley Hall <bexley401 at yahoo.com> wrote:

> Hi Brandon,
>
> >> Moving SSH to another port would be like moving the door on
> >> your house to prevent burglars from kicking it in.
> >
> > Sure but I don't know many houses that have
> > ~65000 doors =) don't think that is a fair comparison
> >  =)
>
> OTOH, you probably don't know many burglars who can
> kick 1000 doors per second!  ;-)
>
>
Oh I totally agree with you. And if you get all the botnet burglar buddies
involved it really starts to cut down on the time it takes to get stuff
done. Not trying to offend anyone, Louis I think you were my first Unix
instructor at Pima, but why choose port 2222? To me that is probably the
next port I would test if 22 didn't work. Kind of like port 80 and port
8080. I don't think anybody here was suggesting that moving from port
22 to some random port was the end-all, be-all solution. But from my
experience moving sshd off of port 22 to a random port cut down on attempts
to next to nothing. Then totally removing password login, ssh keys, was the
next layer. Only allowing access to those ssh keys by certain IPs with the
from= was next. There is limiting important boxes' sshd access to only one or
two other boxes on the net via firewall or similar. I mean the list goes on
and on, each of them with their own pros and cons. And without really knowing
what his network setup and requirements are, I think it can be a challenging
question to answer.

-Brandon
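
The layers listed in the message above (sshd off port 22 and not on 2222, no password login, from= on keys), as an added example that is not part of the original post: a small Python audit run over a constructed sshd_config and authorized_keys. The sample file contents, the addresses and the function names are assumptions made for illustration.

```python
import re

# Constructed sample inputs (not from the post); addresses are documentation ranges.
SSHD_CONFIG = """\
Port 2222
PasswordAuthentication yes
"""
AUTHORIZED_KEYS = """\
from="192.0.2.10,198.51.100.0/24" ssh-ed25519 AAAAC3constructedkey1 admin@jump
ssh-ed25519 AAAAC3constructedkey2 backup@anywhere
"""
KEY_TYPES = ("ssh-", "ecdsa-", "sk-")

def parse_sshd_config(text):
    """Global options as {keyword: [values]}; stops at the first Match block."""
    opts = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        if parts[0].lower() == "match":
            break
        opts.setdefault(parts[0].lower(), []).append(parts[1].strip())
    return opts

def key_options(line):
    """Options field of an authorized_keys line ('' if it starts with a key type)."""
    if line.startswith(KEY_TYPES):
        return ""
    in_quote = False
    for i, ch in enumerate(line):
        if ch == '"' and line[i - 1:i] != "\\":
            in_quote = not in_quote
        elif ch.isspace() and not in_quote:
            return line[:i]          # first unquoted whitespace ends the options
    return line

def audit(sshd_text, keys_text):
    """Return findings for the layers named in the post: port, passwords, from=."""
    findings = []
    opts = parse_sshd_config(sshd_text)
    ports = opts.get("port", ["22"])            # sshd default is 22
    if "22" in ports:
        findings.append("port: sshd listens on default port 22")
    elif "2222" in ports:
        findings.append("port: 2222 is an obvious alternate to 22")
    # sshd uses the first value it sees for a keyword; the default is yes
    if opts.get("passwordauthentication", ["yes"])[0].lower() != "no":
        findings.append("auth: password login is enabled")
    for n, line in enumerate(keys_text.splitlines(), 1):
        line = line.strip()
        if line and not line.startswith("#") and not re.search(
                r'(^|,)from="', key_options(line), re.I):
            findings.append(f"keys: line {n} has no from= restriction")
    return findings
```

Calling `audit(SSHD_CONFIG, AUTHORIZED_KEYS)` on the constructed sample returns one finding per missing layer; the firewall layer from the message is outside what these two files can show.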