Re: openssh concerns
- From: Andrew Kuriger <a.kuriger@xxxxxxxxxxxxxxx>
- Date: Mon, 05 Oct 2009 13:14:28 -0500
On Mon, 5 Oct 2009 12:03:44 -0600, Lyndon Nerenberg - VE6BBM/VE7TFX
<lyndon@xxxxxxxxxx> wrote:
>> Personally I tend to either firewall the OpenSSH daemon, or leave it
>> wide open. I don't really see the point in changing ports, as long as
>> they are still publicly available.
>
> The ssh bots only seem to probe port 22. In well over a year of
> running my ssh servers on a different (very low numbered) port I
> haven't logged a single probe (across about a dozen highly visible
> servers).
>
> --lyndon

I personally don't use it (although I'm considering it), but you could
look into port knocking. Changing the port that SSHD binds to definitely
falls under that obscurity line since if somebody is targeting you, they
very well may run a SYN scan (Mmm nmap) and read the banners to quickly
find out what port you are running sshd on, then target bots accordingly.
Granted, if somebody is not specifically targeting you and is just scanning
ranges to find sshd on 22 they will pass you right up since that port will
be closed.
Andrew
--
() ascii ribbon campaign - against html e-mail
/\ www.asciiribbon.org - against proprietary attachments