[plug] ssh access

Lucas van Staden lvs at dedmeet.com
Wed Oct 15 08:24:50 WST 2008


Hi, not the answer you are looking/asking for, but....

Security through obscurity: Not the best way to solve your issue.

Yes, you may block the script-kiddies' attempts, but most potential
attackers will port scan you first, and from that pick up a list of
ports to attack.
Moving your ssh port would thus be fruitless.

Your best bet to solve this issue is to run an IDS (Intrusion Detection
System) on your machine.

I personally like fail2ban
(http://www.fail2ban.org/wiki/index.php/Main_Page).
Easy to configure, and most common services (web, ssh etc) are
configured out of the box.
You can set the number of attempts to cause a ban (I use 1 attempt), and
also whitelist your own IP(s) not to get banned.

If you run Debian (or a Debian-based system), it is in apt, so easy to
install.

Regards
Lucas



Jon L. Miller wrote:
> In an attempt to stop ssh hack attacks (in the log there are 100's of
> attempts) I've changed the port number of 22 to another port number.  Made
> the changes in the Firewall to allow this new port number through. 
> However, when I attempt to access this from a remote location it times
> out.  On some servers it works okay but on others it does not.  Is there a
> way to see the incoming packets hitting the firewall to "hopefully" see
> what errors are showing up?  By this I mean I'll be on site on the server.
>
>
>   
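Added example, not part of the original message and not fail2ban's own code: a sketch of the ban logic the reply describes (a failure threshold inside a time window, plus a whitelist), run over constructed sshd log lines. The names `find_bans`, `maxretry`, `findtime_s` and `ignore_nets` and all addresses are assumptions made for the illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sshd lines in syslog format (documentation addresses only).
SAMPLE_LOG = """\
Oct 15 08:01:02 host sshd[2101]: Failed password for root from 198.51.100.7 port 40112 ssh2
Oct 15 08:01:05 host sshd[2103]: Failed password for invalid user admin from 198.51.100.7 port 40120 ssh2
Oct 15 08:02:10 host sshd[2110]: Failed password for lucas from 203.0.113.10 port 51514 ssh2
Oct 15 08:02:15 host sshd[2112]: Accepted password for lucas from 203.0.113.10 port 51520 ssh2
Oct 15 08:30:00 host sshd[2190]: Failed password for root from 192.0.2.44 port 33000 ssh2
Oct 15 09:45:00 host sshd[2301]: Failed password for root from 192.0.2.44 port 33411 ssh2
"""

FAILED = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

def find_bans(log_text, maxretry, findtime_s, ignore_nets, year=2008):
    """Return {ip: time of ban} for sources reaching maxretry failures within findtime_s."""
    ignored = [ipaddress.ip_network(n) for n in ignore_nets]
    window = timedelta(seconds=findtime_s)
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    bans = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue              # successful logins and unrelated lines are skipped
        ip = ipaddress.ip_address(m.group(2))
        if str(ip) in bans or any(ip in net for net in ignored):
            continue              # already banned, or whitelisted
        # Syslog timestamps carry no year, so one is supplied by the caller.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        hits = recent[str(ip)]
        hits.append(ts)
        while ts - hits[0] > window:
            hits.popleft()        # forget failures older than the window
        if len(hits) >= maxretry:
            bans[str(ip)] = ts
    return bans

if __name__ == "__main__":
    for retry in (1, 2):
        print(retry, find_bans(SAMPLE_LOG, retry, 600, ["203.0.113.10/32"]))
```

With a threshold of 1 and no whitelist, the single mistyped password from 203.0.113.10 is enough to ban that address, which is why the whitelist matters at that setting.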




