On Tue, 28 Jan 2014 11:58:22 +0000 Brian <a...@cityscape.co.uk> wrote:
> On Tue 28 Jan 2014 at 09:46:43 +0000, Joe wrote:
>
> > My recommendation would be to run sshd on a high port number.
> > Before the usual chorus jumps in, I know *that* *does* *not*
> > *improve* *security*,
>
> Fine; we are in agreement.
>
> > but it certainly gives you cleaner log files. Though over a number
> > of
>
> Searching /var/log/auth* for "Failed password for" gives me
>
> 5846
> 16247
> 17517
> 7889
> 7477
>
> so we can agree there too.
>
> > years, I've had vastly more attempts to connect to port 22 than
> > full-spectrum port scans (in fact I've never had one of the latter)
> > and I am forced to conclude that in my personal case, it *does*
> > improve security. But put your trust in good keys, the bots are all
> > looking to
>
> The conclusion appears to contradict the first statement.

While a complete portscan will reveal an ssh server running on a
non-standard port, this doesn't seem to happen often. It seems to me
that the fewer attacks which are made, the less likely it is that one
will succeed. We know that even digital keys are not necessarily
secure: anyone can make mistakes, even people who patch Debian's
OpenSSH suite.

> > do password attacks.
>
> Putting your trust in good passwords is not misplaced.

Good passwords, no. But most of the posts I've seen about hacked Linux
installations where the point of entry was known seem to blame ssh,
possibly because most private installations don't have any other
internet-facing services. Somebody must be doing something wrong.

-- 
Joe
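The per-file counts quoted in the thread come from matching "Failed password for" in /var/log/auth*. The script below breaks the same matches down by source address and by whether the account exists. It is an added example, not part of either poster's message; the sample log lines, host name and addresses are constructed.

```python
import gzip
import re
import sys
from collections import Counter

# sshd line shape: "Failed password for [invalid user ]NAME from ADDR port N ssh2".
# NAME is client-supplied text, so it is matched greedily and the address
# is taken from the end of the line, where sshd itself writes it.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?(?P<user>.*)"
    r" from (?P<src>\S+) port \d+ ssh2\s*$"
)

def summarize(lines):
    """Return (total failures, per-source Counter, failures naming a nonexistent account)."""
    total, invalid, sources = 0, 0, Counter()
    for line in lines:
        m = FAILED.search(line)
        if m:
            total += 1
            invalid += m["invalid"] is not None
            sources[m["src"]] += 1
    return total, sources, invalid

def read_log(path):
    """Yield lines from a plain or gzip-rotated log file."""
    opener = gzip.open if path.endswith(".gz") else open
    with opener(path, "rt", errors="replace") as fh:
        yield from fh

# Constructed sample (documentation addresses), not data from the thread.
SAMPLE = [
    "Jan 28 09:01:12 host sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2",
    "Jan 28 09:01:15 host sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2",
    "Jan 28 09:02:40 host sshd[2107]: Failed password for invalid user guest from lab from 198.51.100.23 port 51830 ssh2",
    "Jan 28 09:03:02 host sshd[2110]: Accepted publickey for joe from 192.0.2.10 port 50022 ssh2",
    "Jan 28 09:04:19 host sshd[2113]: Failed password for invalid user test from 203.0.113.7 port 40388 ssh2",
]

if __name__ == "__main__":
    # With file arguments, report each file like the grep in the thread; else use SAMPLE.
    inputs = {p: read_log(p) for p in sys.argv[1:]} or {"SAMPLE": SAMPLE}
    for name, lines in inputs.items():
        total, sources, invalid = summarize(lines)
        print(f"{name}: {total} failed, {invalid} for invalid users, "
              f"{len(sources)} sources, top {sources.most_common(3)}")
```

Run with the rotated files as arguments (for example `/var/log/auth.log /var/log/auth.log.2.gz`) to get one summary line per file.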