Re: Need urgent help regarding security
At 09:33 AM 11/21/2005 +0100, Marian Hettwer wrote:
| Hi there,
|
| ray@redshift.com wrote:
| >
| > Also, if you have access to the router, it's handy to re-write traffic from a
| > higher public port down to port 22 on the server, since that will trip up
anyone
| > doing scans looking for a connect on port 22 across a large number of IP's.
| >
| No. That's security by obscurity and doesn't make your system even a wee
| bit more secure.
| Disable root login via ssh (like already mentioned), enforce public-key
| authentication and maybe even go with OPIE.
|
| > Anyway, just a couple of ideas I thought might be helpful while on the subject
| > of SSH hardening :-)
| >
| all of them were about hardening, except the security by obscurity
| "put-the-sshd-on-another-port" advice ;)
| don't do that.
|
| Regards,
| Marian
Okay, I'll give you that. However, if someone was only scanning port 22, then
it would help keep you out of the scan :)
Ray
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
討論串 (同標題文章)
完整討論串 (本文為第 19 之 36 篇):