Date:      Tue, 25 Aug 2015 14:52:58 +0100
From:      Matt Smith <fbsd@xtaz.co.uk>
To:        Reko Turja <reko.turja@liukuma.net>
Cc:        Jaime Kikpole <jkikpole@cairodurham.org>, freebsd-questions@freebsd.org
Subject:   Re: Blocking SSH access based on bad logins?
Message-ID:  <20150825135258.GA1330@xtaz.uk>
In-Reply-To: <22DC19936F1E477D981FCB31FD51375E@Rivendell>
References:  <CA%2Bsg5RRppb8-paYnYtL8UMnSfP0ebzUwtM4LLNGayudCwXpyag@mail.gmail.com> <22DC19936F1E477D981FCB31FD51375E@Rivendell>

On Aug 25 16:29, Reko Turja wrote:
>IMO switching SSH port is security by obscurity; a determined attacker 
>will eventually find the altered port if so inclined.

I agree that it is security by obscurity, but when I ran SSH on port 22 
it was syslogging at least several hundred login attempts every day. 
Currently I run it on port 422 and it's never had one single login 
attempt that wasn't myself. Obviously you have to make sure it's also 
secure regardless, which I do by requiring that the login is either with 
a key, or if with a password it also requires a one-time-password 
6-digit code read from an app on my phone.

So if all the login attempts bother you, moving the port certainly 
works. Just make sure you also keep it secure in other ways.

-- 
Matt
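
The following is an added example, not part of the original message: a Python check over `sshd -T`-style output that separates a server that has only moved its port from one that also refuses password-only logins. Both sample configurations are constructed, and enforcing the password plus one-time code through PAM keyboard-interactive is an assumption; the message does not say how it is implemented.

```python
# Added example: input is `sshd -T`-style text (lowercase keyword, then value).
# Both samples are constructed for illustration.
PORT_MOVED_ONLY = """\
port 422
passwordauthentication yes
kbdinteractiveauthentication no
authenticationmethods any
"""
KEY_OR_PASSWORD_PLUS_OTP = """\
port 422
passwordauthentication no
kbdinteractiveauthentication yes
authenticationmethods publickey keyboard-interactive:pam
"""

def parse(text):
    cfg = {}
    for line in text.splitlines():
        key, _, value = line.strip().partition(" ")
        if key and not key.startswith("#"):
            cfg.setdefault(key.lower(), value.strip())  # keep first occurrence
    return cfg

def audit(text):
    cfg = parse(text)
    findings = []
    if cfg.get("port", "22") == "22":
        findings.append("default-port")  # expect constant login noise in syslog
    password_on = cfg.get("passwordauthentication", "yes") == "yes"
    # Older OpenSSH releases report this setting as challengeresponseauthentication.
    kbd = cfg.get("kbdinteractiveauthentication") or cfg.get("challengeresponseauthentication", "yes")
    kbd_on = kbd == "yes"
    methods = cfg.get("authenticationmethods", "any")
    if methods == "any":
        # With no explicit list, every enabled method is sufficient on its own.
        chains = []
        if password_on:
            chains.append(["password"])
        if kbd_on:
            chains.append(["keyboard-interactive"])
    else:
        # Space-separated alternatives, each a comma-separated chain of required methods.
        chains = [chain.split(",") for chain in methods.split()]
    for chain in chains:
        names = [m.split(":")[0] for m in chain]
        if names == ["password"] and password_on:
            findings.append("password-only-login")
        elif names == ["keyboard-interactive"] and kbd_on:
            findings.append("check-pam-stack")  # second factor depends on PAM, not visible here
    return findings
```

A `check-pam-stack` finding means keyboard-interactive alone is accepted, so whether a one-time code is really demanded has to be confirmed in the PAM configuration for sshd.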


