Author: alive
Date: 31-01-07 17:06
Putting sshd on a "higher port" is security through obscurity.
Brute-force bots try a limited set of usernames, and should therefore in practice not be feared by a sensible admin.
Through this, we can conclude that if someone actually, really, wanted to break in to *your* server, changing the port of your sshd is not going to hinder them one least bit. The first thing a hacker ever does to a server is to probe for open ports using nmap.
However, I do believe that only allowing ssh key logins is a good part of the solution: Passwords are insecure.
For everybody else, I would suggest to either disable password authentication on their sshd, or download DenyHosts (It's in the ports, and on denyhosts.sf.net)
|
|
