Mailinglist Archive: opensuse (1570 mails)

< Previous Next >
Re: [opensuse] Re: Coordinated, distributed ssh attacks?
  • From: Per Jessen <per@xxxxxxxxxxxx>
  • Date: Sat, 03 Oct 2009 17:43:13 +0200
  • Message-id: <ha7reh$vmu$1@xxxxxxxxxxxxxxxx>
Joachim Schrod wrote:

Per Jessen wrote:
Roger Oberholtzer wrote:

I was thinking more along the lines of moving my sshd to a less
known port. I access it in a controlled fashion. So, having it on a
standard port is not (I think) a requirement for me. Then, our NAT
could simply drop the sshd port accesses on the well-known port.

I've just remembered the only drawback - using rsync, scp and others
who use ssh under the covers does become a little tiresome, but I
think both rsync and scp have environment variables that'll set a
usable default so you don't have to specify the new port all the
time.

The best way is to add a respective config entry at the client that
invocates the call. Something like

Host foo.example.com
Port 234

Then all these programs work without passing any option. You can
add this configuration both to personal ~/.ssh/config files, or to
/etc/ssh/ssh_config for all users on the respective system.

Thanks Joachim, that is brilliant! Why didn't I think of that ...


/Per

--
Per Jessen, Zürich (12.3°C)

--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx

< Previous Next >