[clug] mc-root anyone?

Michael Still mikal at stillhq.com
Thu Jun 18 16:06:38 GMT 2009


Paul Wayper wrote:

> I would recommend never allowing SSH on port 22 on anything that handles
> a connection from the internet.  I have a port remapping NAT rule on my
> firewall to remap from a high port to SSH on my internal server; other
> people just change the 'Port' number in /etc/ssh/sshd_config to a
> highish number (2222 is easy to remember).  If you're paranoid, you also
> run fail2ban or some similar daemon that checks for too many password
> failures and bans that IP address automatically for a time.

What about retarded networks that filter higher ports though? I travel a
bit, and these things seem to happen relatively frequently.

I'm wondering if YubiKeys are the answer.

Mikal
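
The ban-after-repeated-failures behaviour mentioned in the quoted advice, as an added example that is not part of either post and is not fail2ban's own code. The log lines are constructed, and the function name `scan`, the thresholds and the year are assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd log lines (documentation-range addresses, not real hosts).
SAMPLE_LOG = """\
Jun 18 16:00:01 gw sshd[411]: Failed password for root from 203.0.113.7 port 40022 ssh2
Jun 18 16:00:03 gw sshd[411]: Failed password for invalid user admin from 203.0.113.7 port 40023 ssh2
Jun 18 16:00:05 gw sshd[412]: Failed password for root from 198.51.100.9 port 51000 ssh2
Jun 18 16:00:06 gw sshd[411]: Failed password for root from 203.0.113.7 port 40024 ssh2
Jun 18 16:00:09 gw sshd[413]: Accepted publickey for alice from 192.0.2.10 port 60000 ssh2
Jun 18 16:04:00 gw sshd[414]: Failed password for root from 203.0.113.7 port 40030 ssh2
Jun 18 16:20:00 gw sshd[415]: Failed password for root from 198.51.100.9 port 51001 ssh2
"""

FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+"
)

def scan(log, max_retry=3, find_time=timedelta(minutes=10),
         ban_time=timedelta(minutes=10), year=2009):
    """Return [(ip, ban_start, ban_end)] for sources that reach max_retry
    password failures inside a sliding find_time window."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    banned_until = {}             # ip -> time the current ban expires
    bans = []
    for line in log.splitlines():
        m = FAILED.match(line)
        if not m:
            continue              # successful logins and other noise
        # syslog timestamps carry no year, so one is supplied (assumption)
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if banned_until.get(ip, datetime.min) > when:
            continue              # a firewall rule would already drop this
        window = recent[ip]
        window.append(when)
        while when - window[0] > find_time:
            window.popleft()      # forget failures older than the window
        if len(window) >= max_retry:
            banned_until[ip] = when + ban_time
            bans.append((ip, when, when + ban_time))
            window.clear()        # start counting afresh once the ban ends
    return bans

if __name__ == "__main__":
    for ip, start, end in scan(SAMPLE_LOG):
        print(f"ban {ip} from {start:%H:%M:%S} until {end:%H:%M:%S}")
```
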

