Date: Mon, 21 Nov 2005 04:30:04 -0800 From: ray@redshift.com To: Marian Hettwer <MH@kernel32.de> Cc: Timothy Smith <timothy@open-networks.net>, freebsd-security@freebsd.org Subject: Re: Need urgent help regarding security Message-ID: <3.0.1.32.20051121043004.00aa1490@pop.redshift.com> In-Reply-To: <43818643.5000206@kernel32.de> References: <3.0.1.32.20051117232057.00a96750@pop.redshift.com> <3.0.1.32.20051117232057.00a96750@pop.redshift.com>
next in thread | previous in thread | raw e-mail | index | archive | help
At 09:33 AM 11/21/2005 +0100, Marian Hettwer wrote: | Hi there, | | ray@redshift.com wrote: | > | > Also, if you have access to the router, it's handy to re-write traffic from a | > higher public port down to port 22 on the server, since that will trip up anyone | > doing scans looking for a connect on port 22 across a large number of IP's. | > | No. That's security by obscurity and doesn't make your system even a wee | bit more secure. | Disable root login via ssh (like already mentioned), enforce public-key | authentication and maybe even go with OPIE. | | > Anyway, just a couple of ideas I thought might be helpful while on the subject | > of SSH hardening :-) | > | all of them were about hardening, except the security by obscurity | "put-the-sshd-on-another-port" advice ;) | don't do that. | | Regards, | Marian Okay, I'll give you that. However, if someone was only scanning port 22, then it would help keep you out of the scan :) Ray
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3.0.1.32.20051121043004.00aa1490>