From owner-freebsd-questions@FreeBSD.ORG Tue Sep 20 02:08:22 2011
Return-Path:
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9AF2D1065672 for ; Tue, 20 Sep 2011 02:08:22 +0000 (UTC) (envelope-from bonomi@mail.r-bonomi.com)
Received: from mail.r-bonomi.com (mx-out.r-bonomi.com [204.87.227.120]) by mx1.freebsd.org (Postfix) with ESMTP id 51E348FC16 for ; Tue, 20 Sep 2011 02:08:21 +0000 (UTC)
Received: (from bonomi@localhost) by mail.r-bonomi.com (8.14.4/rdb1) id p8K27lTO056965 for freebsd-questions@freebsd.org; Mon, 19 Sep 2011 21:07:47 -0500 (CDT)
Date: Mon, 19 Sep 2011 21:07:47 -0500 (CDT)
From: Robert Bonomi
Message-Id: <201109200207.p8K27lTO056965@mail.r-bonomi.com>
To: freebsd-questions@freebsd.org
In-Reply-To: <86fwjst6ld.fsf@red.stonehenge.com>
Subject: Re: limit number of ssh connections
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Tue, 20 Sep 2011 02:08:22 -0000

> From owner-freebsd-questions@freebsd.org Mon Sep 19 19:12:32 2011
> From: merlyn@stonehenge.com (Randal L. Schwartz)
> To: Paul Macdonald
> Date: Mon, 19 Sep 2011 17:12:14 -0700
> Cc: James Strother , freebsd-questions@freebsd.org
> Subject: Re: limit number of ssh connections
>
> >>>>> "Paul" == Paul Macdonald writes:
>
> Paul> in my experience running ssh on a high port cuts the amount of
> Paul> unwanted ssh connections to approximately zero, in fact I got a
> Paul> surprise when seeing a sec log from a box which I hadn't done this
> Paul> for
>
> I run sshd on 443 (for firewall-bending reasons), and the only
> connections I see there are people trying to break into the web. Never
> an actual sshd hit.
:) A wise man said: "This belongs in the 'security for dummies' pile right along with 'turning off your SSID announce' and 'use MAC address filtering' when people talk about wifi 'security'." All three are useless and give you a false sense of having "increased" security.

It is worthy of note that 'merely' running sshd on an 'unconventional' port provides _less_ of an increase in security than portknocking does. :)

That said, _I_ also run sshd on the "well-known port" for unrelated services. *NOT* because I have a belief it provides any increase in security -- it _doesn't_ -- but simply to eliminate the script-kiddie 'doorknob rattling' 'clutter' from the logs, making it far easier to see a truly 'targeted' attempt. 'Clutter elimination' makes it -- *or* portknocking -- "worth doing" even though neither provides any "measurable" increase in 'real' security.
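A concrete illustration of the "clutter elimination" point above, as an added example that is not part of the original thread: the script below parses FreeBSD-style sshd log lines (a constructed sample using RFC 5737 documentation addresses, not real logs) and separates blind dictionary sweeps from attempts against accounts that actually exist on the host. It relies on sshd's own "invalid user" marker to tell the two apart and, as a heuristic assumption of this example, treats failures against root as scan noise because every sweep tries root. Moving sshd off port 22 removes the first category from the log entirely; this shows what is left and why it is worth reading.

```python
"""Triage sshd failures in a FreeBSD-style auth.log: separate blind
scanning ("doorknob rattling") from attempts aimed at real local accounts.

Added example, not from the original thread.  The log lines below are
constructed for illustration.
"""
import re
from collections import defaultdict

# Constructed sample in /var/log/auth.log format; addresses come from the
# RFC 5737 documentation ranges, not from real attackers.
SAMPLE_LOG = """\
Sep 19 21:01:02 host sshd[1234]: Invalid user admin from 203.0.113.5
Sep 19 21:01:02 host sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Sep 19 21:01:05 host sshd[1236]: Invalid user oracle from 203.0.113.5
Sep 19 21:01:05 host sshd[1236]: Failed password for invalid user oracle from 203.0.113.5 port 51240 ssh2
Sep 19 21:01:09 host sshd[1238]: Failed password for root from 203.0.113.5 port 51250 ssh2
Sep 19 21:02:30 host sshd[1240]: Failed password for bonomi from 198.51.100.7 port 40022 ssh2
Sep 19 21:02:41 host sshd[1242]: Failed publickey for bonomi from 198.51.100.7 port 40023 ssh2
Sep 19 21:03:00 host sshd[1244]: Accepted publickey for bonomi from 192.0.2.10 port 50001 ssh2
"""

# One "Failed ..." line per authentication attempt.  The separate
# "Invalid user X from Y" lines are deliberately not matched: each one is
# followed by a "Failed ... for invalid user X" line, so counting both
# would double-count the attempt.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed (?:password|publickey|keyboard-interactive/pam) for "
    r"(?P<invalid>invalid user )?(?P<user>\S+) from (?P<ip>[0-9A-Fa-f.:]+) port \d+"
)


def parse_failures(log_text):
    """Return (source_ip, username, account_exists) per failed attempt.

    account_exists comes straight from sshd: it prefixes nonexistent
    accounts with "invalid user", so the absence of that marker means the
    account is real on this host.
    """
    failures = []
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            failures.append((m.group("ip"), m.group("user"), m.group("invalid") is None))
    return failures


def triage(failures):
    """Group failures by source address and label each source.

    "scan": every username tried was nonexistent or root, which is what a
    blind dictionary sweep of port 22 looks like (heuristic assumption:
    root is noise because every sweep tries it).
    "targeted": at least one real, non-root account was tried, which
    suggests the attacker knows something about this particular host.
    """
    by_ip = defaultdict(lambda: {"attempts": 0, "users": set(), "real": set()})
    for ip, user, exists in failures:
        entry = by_ip[ip]
        entry["attempts"] += 1
        entry["users"].add(user)
        if exists and user != "root":
            entry["real"].add(user)
    return {
        ip: {
            "attempts": e["attempts"],
            "users": sorted(e["users"]),
            "verdict": "targeted" if e["real"] else "scan",
        }
        for ip, e in by_ip.items()
    }


def report(log_text=SAMPLE_LOG):
    """Convenience wrapper: parse and triage a whole log in one call."""
    return triage(parse_failures(log_text))


if __name__ == "__main__":
    for ip, info in sorted(report().items()):
        users = ",".join(info["users"])
        print(f"{ip:15} {info['attempts']:3d} attempts  {info['verdict']:8}  users={users}")
```

On the sample, 203.0.113.5 (three failures against admin, oracle and root) is labelled a scan, while 198.51.100.7 (two failures against the real account bonomi) is labelled targeted; the successful login from 192.0.2.10 never appears, since only failures are counted. Feed it the real file with `report(open("/var/log/auth.log").read())` and the scan rows are exactly the lines that vanish once sshd no longer listens on 22.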