[lug] Changing Port 22?

Martin Heck mheck at mines.edu
Wed Nov 14 08:29:52 MST 2007


Additionally there's a few utilities out there to automate #6... 
DenyHosts or Fail2Ban are ones that are readily packaged for 
Debian-esque systems.

Ben Whaley wrote:
> Well, if the goal is to "reduce attack messages" then the focus is all
> wrong. The goal should be to mitigate the risk of a successful attack.
>
> I've done this in a few places and it certainly helps with the
> automated scripts that try guessable passwords for common user
> accounts. It should always be considered a second.. or third.. or
> fourth line of defense, however. In general, you should:
>
> 1) Use password cracking software (like john the ripper) on your
> shadow file on a regular basis
> 2) Evaluate user accounts occasionally to make sure they should exist at all.
> 3) Consider restricting which accounts can log in via ssh
> 4) Consider moving to public key authentication only, if possible
> 5) Make sure that root logins via SSH are not allowed
> 6) Consider restricting what hosts can connect (either via
> tcpwrappers, which is natively supported by OpenSSH, or via iptables).
> This may not be practical, depending on the environment.
>
> Then, and only then, does it make sense to move SSH to a different port.
>
> - Ben
>
>
>
> On Nov 13, 2007 9:13 PM,  <gordongoldin at aim.com> wrote:
>   
>>  Change port 22 to reduce attack messages.
>>
>>  What does anybody think?
>>
>>  Worthwhile?  Any problems?
>>
>>
>>
>>
>>
>>
>>
>>  ________________________________
>>  Check Out the new free AIM(R) Mail -- Unlimited storage and
>> industry-leading spam and email virus protection.
>>
>> _______________________________________________
>> Web Page:  http://lug.boulder.co.us
>> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
>> Join us on IRC: lug.boulder.co.us port=6667 channel=#colug
>>
>>     
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: lug.boulder.co.us port=6667 channel=#colug
>   
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lug.boulder.co.us/pipermail/lug/attachments/20071114/af336c14/attachment.html>


More information about the LUG mailing list