
Re: Undesired ssh login attempts




Roberto C Sánchez wrote:
> On Sun, Jun 10, 2018 at 11:09:49AM -0000, Dan Purgert wrote:
>> deloptes wrote:
>> > Hi,
>> > I recently get many of those, which means someone found out that ssh
>> > external is on port 22222 and is trying to do some evil work there.
>> > Should I worry or do something?
>> 
>> Use key-based auth only
>> Ensure root ssh login is not allowed
>> Perhaps fail2ban (or equivalent)
>> Perhaps forget about funny ports (as they're "security by obscurity" at
>> best).
>> 
> In the past I was of a similar opinion regarding the use of a
> non-standard port for SSH.  However, some of clients do this and the
> main observed benefit is less noise in the logs.  As long as the
> administrator understands that it does not improve security, and is
> willing to deal with the occasional inconvenience of an alternate port,
> there is nothing really wrong with it.

Which is why I prefaced that option with "perhaps".  Not that I've
*never* used non-standard ports for services, but it's always with a
reason (e.g. secondary service, less log noise, don't want the program
to require root permissions, etc.)


-- 
|_|O|_| Registered Linux user #585947
|_|_|O| Github: https://github.com/dpurgert
|O|O|O| PGP: 05CA 9A50 3F2E 1335 4DC5  4AEE 8E11 DDF3 1279 A281
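
The checklist from this thread (key-based auth only, no root login) expressed as a check over `sshd -T` style output. This is an added example, not part of the original messages; the function name `audit_sshd` and both sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Input format is that of `sshd -T`: lowercase keyword, space, value.

# Constructed sample: moved to port 22222 but still accepting passwords and root.
sample_weak='port 22222
permitrootlogin yes
passwordauthentication yes
kbdinteractiveauthentication no
pubkeyauthentication yes'

# Constructed sample: the same host after applying the advice in the thread.
sample_hardened='port 22222
permitrootlogin no
passwordauthentication no
kbdinteractiveauthentication no
pubkeyauthentication yes'

# audit_sshd: reads effective sshd settings on stdin, prints one line per
# unmet recommendation, returns 0 when there are none and 1 otherwise.
# A keyword missing from the input is treated as not hardened.
audit_sshd() {
    awk '
    function finding(msg) { print "FINDING: " msg; bad = 1 }
    { opt[$1] = $2 }
    END {
        if (opt["pubkeyauthentication"] != "yes")
            finding("pubkeyauthentication is not yes, key login unavailable")
        if (opt["passwordauthentication"] != "no")
            finding("passwordauthentication is not no, passwords can be guessed")
        # Keyboard-interactive can still prompt for a password via PAM.
        # Older OpenSSH reports it as challengeresponseauthentication.
        if (opt["kbdinteractiveauthentication"] == "yes" ||
            opt["challengeresponseauthentication"] == "yes")
            finding("keyboard-interactive auth is enabled")
        if (opt["permitrootlogin"] != "no")
            finding("permitrootlogin is not no")
        exit bad + 0
    }'
}

# Demo on the constructed weak sample; the port is deliberately not checked.
printf '%s\n' "$sample_weak" | audit_sshd || true
```

On a live host the input would come from `sshd -T | audit_sshd`, run as root so the effective configuration can be read.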