Re: Need urgent help regarding security

From: Marian Hettwer (MH_at_kernel32.de)
Date: 11/21/05

  • Next message: Peter Jeremy: "Re: Need urgent help regarding security"
    Date: Mon, 21 Nov 2005 09:33:07 +0100
    To: ray@redshift.com
    
    

    Hi there,

    ray@redshift.com wrote:
    >
    > Also, if you have access to the router, it's handy to re-write traffic from a
    > higher public port down to port 22 on the server, since that will trip up anyone
    > doing scans looking for a connect on port 22 across a large number of IP's.
    >
    No. That's security by obscurity and doesn't make your system even a wee
    bit more secure.
    Disable root login via ssh (like already mentioned), enforce public-key
    authentication and maybe even go with OPIE.

    > Anyway, just a couple of ideas I thought might be helpful while on the subject
    > of SSH hardening :-)
    >
    all of them were about hardening, except the security by obscurity
    "put-the-sshd-on-another-port" advice ;)
    don't do that.

    Regards,
    Marian
    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"


  • Next message: Peter Jeremy: "Re: Need urgent help regarding security"