Re: Format of host keys in ~/.ssh/known_hosts



Fred Mobach <fred@xxxxxxxxx> writes:
> Dag-Erling Smørgrav <des@xxxxxx> writes:
> > There are plenty of other solutions; the simplest is to move sshd to
> > a different port, e.g. 443.
> Why do I not trust security by obscurity? I'm afraid that nmap will
> show the banners of sshd on any port.

If the problem you're trying to solve is "logs filling up with failed
brute-force attempts", moving sshd to port 443 is a cheap and easy
solution.

Oh, and don't sneer at "security by obscurity". Sure, you wouldn't hide
the vault key under the door mat: you'd design the vault so it takes two
separate keys to open it, and give them to two separate persons. But
you wouldn't put up a poster on the vault door with their names and
photos, either.

Hyperbole aside: in this case, it so happens that obscurity can stop
99.9% of all attacks before they reach your *real* defenses and consume
*real* resources. Isn't that worth anything to you?

DES
--
Dag-Erling Smørgrav - des@xxxxxx