On 11/18/2014 08:10 PM, Philipp Winter wrote:
> On Tue, Nov 18, 2014 at 09:43:53AM -0800, Andy Isaacson wrote:
>> On Tue, Nov 18, 2014 at 10:09:37AM -0500, Libertas wrote:
>>> * SSH being served on a non-standard port - something other than port
>>> 22. This is a good idea, as many brute-force attackers will only
>>> bother trying port 22.
>>
>> I don't understand why, for a system that has gotten any security review
>> at all, moving ssh to another port is "a good idea".
>
> In addition to an already safe configuration, I use non-standard ports.
> As you point out yourself, it keeps the log files clean, which allows me
> to focus on the small number of login attempts I get. This is my main
> reason for doing this.
>
> In addition, if OpenSSH (or one of its dependencies) should ever be
> subject to a severe security issue, plenty of folks would immediately
> start scanning and exploiting the Internet. A non-standard port would
> likely give me a grace period which would allow me to shut down SSH or
> take other measures.

+1, you can make it harder/more expensive for an adversary with no
additional costs for yourself

--
Toralf
pgp key: 0076 E94E

_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays