Author: dobermann
Date: 04-12-06 08:43
I have used higher ports for my sshds since I first had a "public server".
I was scanned and brute forced all the time...
Now the auth_log is just looking good :]
Higher port + auth key only = good security (the only matter is to remember which server has which port)
http://www.sens-interdit.fr/
Author: Dan
Date: 04-12-06 12:25
dobermann wrote:
> I was scanned and brute forced all the time...
Does this mean the attacks were successful?
--
Webmaster
Author: dobermann
Date: 04-12-06 12:31
Nope :)
I just watched my logs grow and grow with hacking attempts... but I have never been owned.
http://www.sens-interdit.fr/
Author: Johan
Date: 10-12-06 11:05
Not really a fan of putting sshd on a higher port, I only use public key
auth, combined with the AllowUsers directive in sshd_config, that'll
keep most bad guys out. I carry my public key and PuTTY on my USB
stick so I can always connect. Random high ports have a nasty tendency
to be blocked when you're out and about.
I still get a lot of bruteforce attempts (that will fail) however I
mitigate that with pf:
    pass in log on $ext_if proto tcp from any to $ssh_server port ssh flags S/SA keep state \
        (max-src-conn 10, max-src-conn-rate 5/3, overload <bruteforce> flush global)
The bruteforce table is purged with the expiretable
(sysutils/expiretable) utility in cron.
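An added example, not part of any post in this thread: a simplified Python model of the max-src-conn-rate 5/3 threshold and the periodic table purge described in the post above, run over constructed sshd log lines to show which sources would land in the overload table. It assumes one "Failed password" line per connection, a strict sliding window (pf's own rate accounting differs in detail), and the year 2006 for the year-less syslog timestamps; the function names are hypothetical.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample sshd log lines (documentation IP ranges), not taken from the thread.
SAMPLE_LOG = """\
Dec 10 11:00:00 host sshd[101]: Failed password for root from 203.0.113.7 port 40001 ssh2
Dec 10 11:00:00 host sshd[102]: Failed password for root from 203.0.113.7 port 40002 ssh2
Dec 10 11:00:01 host sshd[103]: Failed password for invalid user admin from 203.0.113.7 port 40003 ssh2
Dec 10 11:00:01 host sshd[104]: Failed password for invalid user test from 203.0.113.7 port 40004 ssh2
Dec 10 11:00:02 host sshd[105]: Failed password for root from 203.0.113.7 port 40005 ssh2
Dec 10 11:00:02 host sshd[106]: Failed password for root from 203.0.113.7 port 40006 ssh2
Dec 10 11:00:30 host sshd[201]: Failed password for invalid user bob from 198.51.100.20 port 50001 ssh2
Dec 10 11:01:30 host sshd[202]: Failed password for invalid user bob from 198.51.100.20 port 50002 ssh2
"""

LINE_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+"
)

def overloaded_sources(log_text, max_conn=5, window_s=3, year=2006):
    """Return {ip: time it first exceeded max_conn attempts within window_s seconds}."""
    recent = defaultdict(deque)   # per-source timestamps still inside the window
    table = {}                    # stands in for the <bruteforce> table
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year; 'year' is an assumption of this example.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() >= window_s:
            q.popleft()           # drop attempts that fell out of the window
        if len(q) > max_conn and ip not in table:
            table[ip] = ts
    return table

def expire(table, now, max_age_s):
    """Drop entries older than max_age_s, as a cron-driven purge of the table would."""
    return {ip: t for ip, t in table.items() if (now - t).total_seconds() < max_age_s}

if __name__ == "__main__":
    for ip, since in overloaded_sources(SAMPLE_LOG).items():
        print(f"{ip} exceeded 5 attempts in 3s at {since}")
```
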
Author: Martin
Date: 10-12-06 14:32
Well, that's correct about the availability of high ports from various (mainly corporate) networks.
Hm, one solution I am currently playing with is having OpenVPN listening on port 22. But it's just an idea...