[clug] Starting k/ubuntu - Debian

[Andrew Janke]

> > I also find moving the ssh port greatly reduces the
> > number of automatic worms that try things.  OK, it's not going to stop
> > someone deliberately targeting me, but the worms just try port 22 for
> > ssh attacks.
>
> Moving the port is a PITA for people trying to use it, and it doesnt really do
> that much to enhance your secuirity because a simple port scan will find it. If
> you want to make your daemon invisible to unauthorised users use port
> knocking.

I would give a great big tick to this... Sure, shifting the port is
going to stop the dumb kiddies, but not the clever(er) ones, and they
are the ones that amuse me.

I once worked in a place that used this method of "security", they
shifted from 22 to 2200 (oo-er! now I have given it all away! security
breach!), I found myself constantly annoyed having to fiddle with ssh
configs everywhere such that cvs/svn/rsync/cfengine/etc would work
correctly.  In short, not worth it (in my opinion anyhow).

> Its probably also worth mentioning at this point /etc/security/access.conf
> which can specifiy which account is allowed to log in from where (or not at
> all). This way you can have no users allowed to log in at all except one or two
> users. Also important is to disable password logins and only use keys - which
> will stop all those password grinding kiddies.

Learn something everyday.. I have always just used /etc/ssh/sshd.conf for this.
Do these two interact in someway?  Or are just additive?

thanks for the pointer,


-- 
Andrew Janke   (a.janke at gmail.com || http://a.janke.googlepages.com/)
Canberra->Australia    +61 (402) 700 883