From owner-freebsd-questions@freebsd.org Tue Aug 25 14:35:07 2015 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id A39A499AEF1 for ; Tue, 25 Aug 2015 14:35:07 +0000 (UTC) (envelope-from freebsd@edvax.de) Received: from mx02.qsc.de (mx02.qsc.de [213.148.130.14]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 6B498B63 for ; Tue, 25 Aug 2015 14:35:07 +0000 (UTC) (envelope-from freebsd@edvax.de) Received: from r56.edvax.de (port-92-195-38-7.dynamic.qsc.de [92.195.38.7]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx02.qsc.de (Postfix) with ESMTPS id 554B9278B0; Tue, 25 Aug 2015 16:35:05 +0200 (CEST) Received: from r56.edvax.de (localhost [127.0.0.1]) by r56.edvax.de (8.14.5/8.14.5) with SMTP id t7PEZ4mf002475; Tue, 25 Aug 2015 16:35:04 +0200 (CEST) (envelope-from freebsd@edvax.de) Date: Tue, 25 Aug 2015 16:35:04 +0200 From: Polytropon To: Matt Smith Cc: Reko Turja , freebsd-questions@freebsd.org, Jaime Kikpole Subject: Re: Blocking SSH access based on bad logins? Message-Id: <20150825163504.f59dc375.freebsd@edvax.de> In-Reply-To: <20150825135258.GA1330@xtaz.uk> References: <22DC19936F1E477D981FCB31FD51375E@Rivendell> <20150825135258.GA1330@xtaz.uk> Reply-To: Polytropon Organization: EDVAX X-Mailer: Sylpheed 3.1.1 (GTK+ 2.24.5; i386-portbld-freebsd8.2) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Aug 2015 14:35:07 -0000 On Tue, 25 Aug 2015 14:52:58 +0100, Matt Smith wrote: > On Aug 25 16:29, Reko Turja wrote: > >IMO switching SSH port is security by obscurity, determined attacker > >will eventually find the altered port if so inclined. > > I agree that it is security by obscurity but when I ran SSH on port 22 > it was syslogging at least several hundred login attempts every day, > currently I run it on port 422 and it's never had one single login > attempt that wasn't myself. You could say that changing the SSH port is "reducing line noise". A hacker can always run a port scan and find out what port you're actually running SSH on. But most "wide range attacks", usually run from fleets of zombie "Windows" PCs, do not do this. Sophisti- cated attackers _will_ do it. So it's not really an obstacle. > Obviously you have to make sure it's also > secure regardless which I do by requiring that the login is either with > a key, or if with a password it also requires a one-time-password 6 > digit code read from an app on my phone. "Having been moved" and "being secure" are two totally different categories. Never confuse. :-) -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ...