Jon L. Miller jlmiller at mmtnetworks.com.au
Wed Oct 15 08:37:58 WST 2008

I totally agree and am currently in the process of looking at this.  Wanted
to see what Cisco offers before moving to the gateway server.


On Wed, October 15, 2008 08:24, Lucas van Staden wrote:
> Hi, not the answer you are looking/asking for, but....
> Security through obscurity: Not the best way to solve your issue.
> Yes, you may block the script kiddies' attempts, but most potential
> attackers will port scan you first, and from that pick up a list of
> ports to attack.
> Moving your ssh port would thus be fruitless.
> Your best bet to solve this issue is to run an IDS (Intrusion Detection
> System) on your machine.
> I personally like fail2ban
> (http://www.fail2ban.org/wiki/index.php/Main_Page).
> Easy to configure, and most common services (web, ssh etc) are
> configured out of the box.
> You can set the number of attempts to cause a ban (I use 1 attempt), and
> also whitelist your own ip(s) not to get banned.
> If you run Debian (or a Debian-based system), it is in apt, so easy to
> install.
> Regards
> Lucas
> Jon L. Miller wrote:
>> In an attempt to stop ssh hack attacks (in the log there are 100s of
>> attempts) I've changed the port number of 22 to another port number.
>> Made the changes in the Firewall to allow this new port number through.
>> However, when I attempt to access this from a remote location it times
>> out.  On some servers it works okay but on others it does not.  Is there
>> a way to see the incoming packets hitting the firewall to "hopefully" see
>> what errors are showing up?  By this I mean I'll be on site on the
>> server.
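
The ban threshold and whitelist described in the quoted reply, shown as an added example that is not part of the original thread and is not fail2ban's own code. It assumes OpenSSH "Failed password" syslog lines; the names `find_bans`, `max_retry`, `find_time` and `ignore` are hypothetical, and the log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample sshd log lines (documentation address ranges, not real data).
SAMPLE_LOG = """\
Oct 15 08:01:02 gw sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Oct 15 08:01:05 gw sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40120 ssh2
Oct 15 08:01:09 gw sshd[2107]: Failed password for jon from 192.0.2.10 port 51515 ssh2
Oct 15 08:02:30 gw sshd[2110]: Accepted password for jon from 192.0.2.10 port 51520 ssh2
Oct 15 08:20:00 gw sshd[2150]: Failed password for root from 198.51.100.9 port 33000 ssh2
Oct 15 08:45:00 gw sshd[2190]: Failed password for root from 198.51.100.9 port 33010 ssh2
"""

FAILED = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

def find_bans(log_text, max_retry=2, find_time=600, ignore=("192.0.2.0/24",), year=2008):
    """Return {ip: time of the failure that reached max_retry within find_time seconds}."""
    ignored = [ip_network(n) for n in ignore]
    window = timedelta(seconds=find_time)
    recent = defaultdict(list)   # ip -> failure timestamps still inside the window
    bans = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        # syslog timestamps carry no year, so the caller supplies one
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        try:
            ip = ip_address(m.group(2))
        except ValueError:
            continue              # hostname or garbage in the address field
        if str(ip) in bans or any(ip in net for net in ignored):
            continue              # already banned, or a whitelisted source
        recent[str(ip)] = [t for t in recent[str(ip)] if ts - t <= window] + [ts]
        if len(recent[str(ip)]) >= max_retry:
            bans[str(ip)] = ts
    return bans

if __name__ == "__main__":
    for ip, when in find_bans(SAMPLE_LOG).items():
        print(f"ban {ip} (threshold reached at {when})")
```

Calling `find_bans(SAMPLE_LOG, max_retry=1, ignore=())` shows why the whitelist matters at a threshold of one attempt: the legitimate user's single mistyped password at 192.0.2.10 is enough to get that address banned.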
