Re: Securing SSH wiki article outdated

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Fri, 2015-02-13 at 11:21 -0500, m.roth@xxxxxxxxx wrote:

> I disagree - I am in the "waste of time" camp. The reality is that only
> script kiddies start out by trying 22 (and I *do* mean script kiddies -
> I've seen attempts to ssh in that were obviously from warez, man, where
> they were too stupid to fill in ___ with a username, or salt. All the
> others, I figure they don't need to be major league, just someone with a
> clue, who'll run a scan; in fact, I'd expect them to run a scan just to
> see what IPs were visible, and I know that if I was writing a scan, I
> don't assume that I'm *so* brilliant that I'm the only one to think of
> scanning ports < 1k while looking for systems that I might hit.

Changing SSH port to a non-standard port is the beginning. Restricting
access to that port to a few IPs is another layer of protection .... and
then more things are done to lessen the chances of unauthorised access.


-- 
Regards,

Paul.
England, EU.      Je suis Charlie.


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos




[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux