[clug] [OT] IP range of a domain?

miloska at gmail.com miloska at gmail.com
Thu Jan 21 00:15:57 MST 2010

> Other options you may like to consider:

Additionally you can change the default portnumber from 22 to
something else, so automated robots won't find/try your ssh.

Also you can implement port-knocking (I think iptables itself can be
set up for that) to reduce the chance of any unnecessary connection to
your SSH services. Speaking of iptables I think fail2ban (or something
similar, like limit the number of new connection from an IP to your
SSH port) can be also implemented with iptables.

I know all these solutions seems a bit amateur, but the combination of
some of them (I do recommend at least the key-only auth from Rob's
list on the first place) is a good enough protection for an average
server - and I guess we are not talking about a banking system.

More information about the linux mailing list