On Tuesday 21,August,2012 07:48 PM, Eike Lantzsch wrote:
> On Monday 20 August 2012 09:59:47 lina wrote:
>> Hi,
>>
>> I ssh to a server which has 400+ users, active ones around 100.
>>
>> Frankly speaking, I would feel comfortable to hide my IP if possible,
>>
>> any suggestions (I checked the spoof, but seems not positive),
>>
>> Thanks with best regards,
>
> Hi lina!
>
> I followed the thread and I wonder why nobody recommended to change sshd to
> listen on any other port than 22, e.g. 2424. That will calm down most attacks
> / probing of ssh.

That's very nice of you. I guess by default many people had already changed
that port, and they thought I would have realized earlier that it's one way of
facing it. Well, I just made the change to the sshd_config to some other port
and also changed the iptables.

> Also I wondered why nobody recommended to install DenyHosts?

Will install it.

> I installed it on my OpenBSD gateway and it is quite funny to see which
> usernames and passwords are tried to get into the box.
> That was with sshd still listening on port 22. Now that it is on another port
> there were no probes whatever for about a year. Stupid hacking!
>
> Of course you need to inform your ssh users of the change. If the same
> machines on your own network still attack ssh then it should be easy to figure
> out which machine is doing that by looking at the MAC-address.

Quite interesting, how can I know its MAC address?

Today I sent the email to the administrator; here I quote what he answered me:
"Do you wish to change password just to be sure? Once you change, you let me
know, I'll rsync all the password file. It could be a robot."

So I think it's better not to bother him much. He didn't talk about the
questions I asked, and he said that I should change the password of those
servers.

Best regards, and also thanks all for your time and valuable suggestions,

>
> Kind regards,
> Eike
>

--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/50337a72.4070...@gmail.com
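
The log-based blocking discussed in the message above, as an added example that is not part of the original thread and is not DenyHosts' own code: it counts failed sshd password attempts per source address and renders /etc/hosts.deny entries for the repeat offenders. The log lines, addresses and threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in OpenSSH syslog format (documentation-range addresses).
SAMPLE_LOG = """\
Aug 21 03:10:01 host sshd[1001]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2
Aug 21 03:10:03 host sshd[1001]: Failed password for invalid user oracle from 203.0.113.7 port 40125 ssh2
Aug 21 03:10:06 host sshd[1002]: Failed password for root from 203.0.113.7 port 40131 ssh2
Aug 21 03:10:09 host sshd[1003]: Failed password for invalid user x from 198.51.100.200 port 22 from 203.0.113.7 port 40140 ssh2
Aug 21 08:15:44 host sshd[1100]: Failed password for lina from 192.168.1.23 port 51514 ssh2
Aug 21 08:15:52 host sshd[1100]: Accepted password for lina from 192.168.1.23 port 51514 ssh2
Aug 21 09:02:10 host sshd[1200]: Failed password for invalid user test from 198.51.100.9 port 33001 ssh2
"""

# The username is attacker-controlled text. The greedy user group plus the
# end-of-line anchor make the LAST "from <ip> port <n> ssh2" the source address,
# so text inside the attempted username cannot be taken for the client IP.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>.*) "
    r"from (?P<ip>\S+) port \d+ ssh2$"
)

def failed_logins(log_text):
    """Map each source IP to the list of usernames it failed to log in as."""
    attempts = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            attempts[m.group("ip")].append(m.group("user"))
    return dict(attempts)

def offenders(attempts, threshold=3):
    """Return the IPs whose failure count reaches the threshold, sorted."""
    return sorted(ip for ip, users in attempts.items() if len(users) >= threshold)

def hosts_deny_lines(ips):
    """Render entries in the form TCP wrappers reads from /etc/hosts.deny."""
    return [f"sshd: {ip}" for ip in ips]

if __name__ == "__main__":
    attempts = failed_logins(SAMPLE_LOG)
    for ip, users in attempts.items():
        print(ip, len(users), users)
    print("\n".join(hosts_deny_lines(offenders(attempts))))
```

A single mistyped password from 192.168.1.23 stays below the threshold, so a legitimate user is not locked out by one failure.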