[clug] Starting k/ubuntu - Debian
Andrew Janke
a.janke at gmail.com
Mon May 14 23:49:39 GMT 2007
> > I also find moving the ssh port greatly reduces the
> > number of automatic worms that try things. OK, it's not going to stop
> > someone deliberately targeting me, but the worms just try port 22 for
> > ssh attacks.
>
> Moving the port is a PITA for people trying to use it, and it doesnt really do
> that much to enhance your secuirity because a simple port scan will find it. If
> you want to make your daemon invisible to unauthorised users use port
> knocking.
I would give a great big tick to this... Sure, shifting the port is
going to stop the dumb kiddies, but not the clever(er) ones, and they
are the ones that amuse me.
I once worked in a place that used this method of "security", they
shifted from 22 to 2200 (oo-er! now I have given it all away! security
breach!), I found myself constantly annoyed having to fiddle with ssh
configs everywhere such that cvs/svn/rsync/cfengine/etc would work
correctly. In short, not worth it (in my opinion anyhow).
> Its probably also worth mentioning at this point /etc/security/access.conf
> which can specifiy which account is allowed to log in from where (or not at
> all). This way you can have no users allowed to log in at all except one or two
> users. Also important is to disable password logins and only use keys - which
> will stop all those password grinding kiddies.
Learn something everyday.. I have always just used /etc/ssh/sshd.conf for this.
Do these two interact in someway? Or are just additive?
thanks for the pointer,
--
Andrew Janke (a.janke at gmail.com || http://a.janke.googlepages.com/)
Canberra->Australia +61 (402) 700 883
More information about the linux
mailing list