[plug] ssh access
Jon L. Miller
jlmiller at mmtnetworks.com.au
Wed Oct 15 08:37:58 WST 2008
I totally agree and am currently in the process of looking at this. Wanted
to see what Cisco offers before moving to the gateway server.
On Wed, October 15, 2008 08:24, Lucas van Staden wrote:
> Hi, not the answer you are looking/asking for, but....
> Security through obscurity: Not the best way to solve your issue.
> Yes, you may block the script-kiddies attempts, but most potential
> attackers will port scan you first, and from that pick up a list of
> ports to attack.
> Moving your ssh port would thus be fruitless.
> Your best bet to solve this issue is to run an IDS (Intrusion Detection
> System) on your machine.
> I personally like fail2ban
> Easy to configure, and most common services (web, ssh etc) are
> configured out the box.
> You can set the number of attempts to cause a ban (I use 1 attempt), and
> also whitelist your own ip(s) not to get banned.
> If you run Debian (or a Debian-based system), it is in apt, so easy to
> Jon L. Miller wrote:
>> In an attempt to stop ssh hack attacks (in the log there are 100's of
>> attempts) I've changed the port number of 22 to another port number.
>> the changes in the Firewall to allow this new port number through.
>> However, when I attempt to access this from a remote location it times
>> out. On some servers it works okay but on others it does not. Is there a
>> way to see the incoming packets hitting the firewall to "hopefully" see
>> what errors are showing up? By this I mean I'll be on site on the
Jon L. Miller MCNE CNE CCNA
East Perth, WA 6004
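
The ban threshold and whitelist behaviour described for fail2ban in the quoted reply, sketched as an added example that is not part of the original thread and is not fail2ban's own code. The parameter names mirror fail2ban's `maxretry`, `findtime` and `ignoreip` options; the function name, the log lines and the addresses (documentation ranges) are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# OpenSSH "Failed password" lines as written to syslog (auth.log).
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+"
)

def find_bans(lines, maxretry=1, findtime=600, ignore=(), year=2008):
    """Return {ip: time of ban} for sources that reach maxretry failures
    within findtime seconds; sources inside `ignore` networks are skipped."""
    allow = [ip_network(n) for n in ignore]
    recent = defaultdict(deque)   # ip -> timestamps of failures in the window
    bans = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue              # accepted logins and other messages
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        try:
            ip = ip_address(m.group(2))
        except ValueError:
            continue              # address field is not a valid IP
        if ip in bans or any(ip in net for net in allow):
            continue
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > timedelta(seconds=findtime):
            window.popleft()      # drop failures older than findtime
        if len(window) >= maxretry:
            bans[ip] = ts
    return {str(ip): t for ip, t in bans.items()}

# Constructed sample log; 192.0.2.10 stands in for the admin's own address.
SAMPLE = [
    "Oct 15 08:01:12 gw sshd[4121]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2",
    "Oct 15 08:01:15 gw sshd[4123]: Failed password for root from 203.0.113.7 port 40130 ssh2",
    "Oct 15 08:02:40 gw sshd[4130]: Failed password for jon from 192.0.2.10 port 51514 ssh2",
    "Oct 15 08:03:02 gw sshd[4135]: Accepted password for jon from 192.0.2.10 port 51520 ssh2",
    "Oct 15 08:20:00 gw sshd[4200]: Failed password for root from 198.51.100.9 port 33000 ssh2",
]

if __name__ == "__main__":
    print(find_bans(SAMPLE, maxretry=1, ignore=["192.0.2.0/24"]))
```

With a threshold of 1 and no whitelist, the admin's single mistyped password at 08:02:40 would ban 192.0.2.10 as well.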