Need urgent help regarding security
ray at redshift.com
ray at redshift.com
Mon Nov 21 04:30:08 PST 2005
At 09:33 AM 11/21/2005 +0100, Marian Hettwer wrote:
| Hi there,
|
| ray at redshift.com wrote:
| >
| > Also, if you have access to the router, it's handy to re-write traffic from a
| > higher public port down to port 22 on the server, since that will trip up
anyone
| > doing scans looking for a connect on port 22 across a large number of IP's.
| >
| No. That's security by obscurity and doesn't make your system even a wee
| bit more secure.
| Disable root login via ssh (like already mentioned), enforce public-key
| authentication and maybe even go with OPIE.
|
| > Anyway, just a couple of ideas I thought might be helpful while on the subject
| > of SSH hardening :-)
| >
| all of them were about hardening, except the security by obscurity
| "put-the-sshd-on-another-port" advice ;)
| don't do that.
|
| Regards,
| Marian
Okay, I'll give you that. However, if someone was only scanning port 22, then
it would help keep you out of the scan :)
Ray
More information about the freebsd-security
mailing list