[aklug] Re: Increase in ssh attempts

From: adam bultman <adamb@glaven.org>
Date: Sun Jul 25 2010 - 21:39:28 AKDT

On 07/25/2010 06:23 PM, Royce Williams wrote:
> Arthur Corliss said, on 07/25/2010 05:49 PM:
>
>> I do run ssh on the normal ports myself, and have seen little value in
>> security by obscurity.
>>
> While I treat my alternate-port services exactly like I would their
> default counterparts, I have found one significant benefit: fewer hits,
> which means simpler logs.
>
>
+1. Even with the filtering I have, I still have more logs than I can
handle and make do by quickly scanning them every few days. Running
SSH on an off-port at least thwarts the thousands of script kiddies and
their ilk from filling my mailbox when they pound the SSH port.

I don't think for a second that I'm invulnerable for not running SSH on
port 22. I still do other things to tighten security. But at least this
way the average number of SSH scans I get per day hovers right around
zero. A coworker of mine who built a simple Linux box and left SSH
running on port 22 got a ton of email and many scans per day until I set
up fail2ban and tcpwrappers.

I do like the idea of getting the output of last, and setting up groups
allowed to SSH as well. The bastion host is a good idea too, but the
last bastion host we had at work had the nasty habit of snapping SSH
connections shut after a few minutes, regardless of activity. That got
old, fast. I'll have to set a Linux box up to do that, and stand it in
front of the more public systems...

-- 
Adam
Received on Sun Jul 25 21:39:40 2010