Mailinglist Archive: opensuse (1570 mails)

< Previous Next >
[opensuse] Re: Coordinated, distributed ssh attacks?
  • From: Joachim Schrod <jschrod@xxxxxxx>
  • Date: Sat, 03 Oct 2009 17:36:26 +0200
  • Message-id: <ha7r1r$5og$1@xxxxxxxxxxxxx>
Per Jessen wrote:
Roger Oberholtzer wrote:

I was thinking more along the lines of moving my sshd to a less known
port. I access it in a controlled fashion. So, having it on a
standard port is not (I think) a requirement for me. Then, our NAT
could simply drop the sshd port accesses on the well-known port.

I've just remembered the only drawback - using rsync, scp and others who
use ssh under the covers does become a little tiresome, but I think
both rsync and scp have environment variables that'll set a usable
default so you don't have to specify the new port all the time.

The best way is to add a respective config entry at the client that
invocates the call. Something like

Host foo.example.com
Port 234

Then all these programs work without passing any option. You can
add this configuration both to personal ~/.ssh/config files, or to
/etc/ssh/ssh_config for all users on the respective system.

One can also use the Hostname configuration to map a short name to
the FQDN, while one is at that.

HTH,
Joachim

--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Joachim Schrod Email: jschrod@xxxxxxx
Roedermark, Germany

--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx

< Previous Next >
Follow Ups