[sllug-members]: How does one properly implement OpenSSH?

Corey Edwards tensai at zmonkey.org
Tue Mar 25 08:06:13 MST 2008


On Tue, 2008-03-25 at 08:47 -0600, Jeff Schroeder wrote:
> Perhaps.  Many automated programs will attempt to make connections on 
> the standard port (22) and hack into your server with usernames ranging 
> from "root" to "webmaster" to "bob".  Moving it to another port will 
> prevent many of those attacks, but of course you should already have 
> strong passwords.  Moreover, changing ports is just security through 
> obscurity, which is a debatable approach.

If you've got your system properly configured with good passwords then
you've still got the issue of wasted resources handling all those failed
login attempts, so moving the port isn't a bad idea IMHO. It also does
buy you some real security because it makes finding your server one step
harder, something that script kiddies aren't likely to do. That's
valuable. If it's worth the trade-off of having to specify the port
number when you connect, then go for it.

The real problem with security through obscurity is when people use
obscurity *alone* as their security. They treat their obscurity as a
warm fuzzy blanket and ignore other aspects of their system. That's a
Bad Idea®.

Corey



