From owner-freebsd-questions@freebsd.org  Tue Aug 25 13:53:03 2015
Return-Path: <owner-freebsd-questions@freebsd.org>
Delivered-To: freebsd-questions@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 015669C2A17
 for <freebsd-questions@mailman.ysv.freebsd.org>;
 Tue, 25 Aug 2015 13:53:03 +0000 (UTC) (envelope-from fbsd@xtaz.co.uk)
Received: from mail.xtaz.uk (tao.xtaz.uk [IPv6:2001:8b0:202::10])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id BD1ABD1
 for <freebsd-questions@freebsd.org>; Tue, 25 Aug 2015 13:53:02 +0000 (UTC)
 (envelope-from fbsd@xtaz.co.uk)
Received: by mail.xtaz.uk (Postfix, from userid 1001)
 id 00D1820AEEBF; Tue, 25 Aug 2015 14:52:58 +0100 (BST)
Date: Tue, 25 Aug 2015 14:52:58 +0100
From: Matt Smith <fbsd@xtaz.co.uk>
To: Reko Turja <reko.turja@liukuma.net>
Cc: Jaime Kikpole <jkikpole@cairodurham.org>, freebsd-questions@freebsd.org
Subject: Re: Blocking SSH access based on bad logins?
Message-ID: <20150825135258.GA1330@xtaz.uk>
Mail-Followup-To: Matt Smith <fbsd@xtaz.co.uk>,
 Reko Turja <reko.turja@liukuma.net>,
 Jaime Kikpole <jkikpole@cairodurham.org>,
 freebsd-questions@freebsd.org
References: <CA+sg5RRppb8-paYnYtL8UMnSfP0ebzUwtM4LLNGayudCwXpyag@mail.gmail.com>
 <22DC19936F1E477D981FCB31FD51375E@Rivendell>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Disposition: inline
In-Reply-To: <22DC19936F1E477D981FCB31FD51375E@Rivendell>
User-Agent: Mutt/1.5.23 (2014-03-12)
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 25 Aug 2015 13:53:03 -0000

On Aug 25 16:29, Reko Turja wrote:
>IMO switching SSH port is security by obscurity, determined attacker 
>will eventually find the altered port if so inclined.

I agree that it is security by obscurity but when I ran SSH on port 22 
it was syslogging at least several hundred login attempts every day, 
currently I run it on port 422 and it's never had one single login 
attempt that wasn't myself. Obviously you have to make sure it's also 
secure regardless which I do by requiring that the login is either with 
a key, or if with a password it also requires a one-time-password 6 
digit code read from an app on my phone.

So if all the login attempts bother you, moving the port certainly 
works. Just make sure you also keep it secure in other ways.

-- 
Matt