Need urgent help regarding security

ray at redshift.com ray at redshift.com
Mon Nov 21 04:30:08 PST 2005


At 09:33 AM 11/21/2005 +0100, Marian Hettwer wrote:
| Hi there,
| 
| ray at redshift.com wrote:
| > 
| > Also, if you have access to the router, it's handy to re-write traffic from a
| > higher public port down to port 22 on the server, since that will trip up
anyone
| > doing scans looking for a connect on port 22 across a large number of IP's.
| >
| No. That's security by obscurity and doesn't make your system even a wee 
| bit more secure.
| Disable root login via ssh (like already mentioned), enforce public-key 
| authentication and maybe even go with OPIE.
| 
| > Anyway, just a couple of ideas I thought might be helpful while on the subject
| > of SSH hardening :-)
| >
| all of them were about hardening, except the security by obscurity 
| "put-the-sshd-on-another-port" advice ;)
| don't do that.
| 
| Regards,
| Marian

Okay, I'll give you that.  However, if someone was only scanning port 22, then
it would help keep you out of the scan :)

Ray



More information about the freebsd-security mailing list