Date: Mon, 21 Nov 2005 09:33:07 +0100 From: Marian Hettwer <MH@kernel32.de> To: ray@redshift.com Cc: Timothy Smith <timothy@open-networks.net>, freebsd-security@freebsd.org Subject: Re: Need urgent help regarding security Message-ID: <43818643.5000206@kernel32.de> In-Reply-To: <3.0.1.32.20051117232057.00a96750@pop.redshift.com> References: <3.0.1.32.20051117232057.00a96750@pop.redshift.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi there, ray@redshift.com wrote: > > Also, if you have access to the router, it's handy to re-write traffic from a > higher public port down to port 22 on the server, since that will trip up anyone > doing scans looking for a connect on port 22 across a large number of IP's. > No. That's security by obscurity and doesn't make your system even a wee bit more secure. Disable root login via ssh (like already mentioned), enforce public-key authentication and maybe even go with OPIE. > Anyway, just a couple of ideas I thought might be helpful while on the subject > of SSH hardening :-) > all of them were about hardening, except the security by obscurity "put-the-sshd-on-another-port" advice ;) don't do that. Regards, Marian
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?43818643.5000206>