[clug] [OT] IP range of a domain?
miloska at gmail.com
miloska at gmail.com
Thu Jan 21 00:15:57 MST 2010
> Other options you may like to consider:
>
Additionally you can change the default portnumber from 22 to
something else, so automated robots won't find/try your ssh.
Also you can implement port-knocking (I think iptables itself can be
set up for that) to reduce the chance of any unnecessary connection to
your SSH services. Speaking of iptables I think fail2ban (or something
similar, like limit the number of new connection from an IP to your
SSH port) can be also implemented with iptables.
I know all these solutions seems a bit amateur, but the combination of
some of them (I do recommend at least the key-only auth from Rob's
list on the first place) is a good enough protection for an average
server - and I guess we are not talking about a banking system.
More information about the linux
mailing list