Re: SSH attacks from china

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



John wrote:
> Using a non default port is not the solution, because history has learned 
> that security by obscurity never worked.....

It's not "security by obscurity", moving the default port is just to not
see all that garbage in the log files - as the automated scripts don't
check for ssh on different ports than 22. 

And save cpu cycles by not having to answer to those requests.

> 1: Use Iptables or other firewall in front of server,  to only allow a 
> selected group of "trusted" Ip's to access the server trough SSH.

Well, that is not always possible or wanted.

> 2: Enforce Public / Private key Authentication, so that only the users with 
> a valid key can access the server.

And yes, you shouldn't be using ssh with password authentication, true.

Ralph

Attachment: pgpMerTMKpjwC.pgp
Description: PGP signature

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux