Lew Wolfgang wrote:
On 1/17/19 8:30 AM, Per Jessen wrote:
Alternatively - use keys for ssh, and that problem is gone. Or if that's too cumbersome, move ssh to a higher port. Works wonders. I do both. When you're using keys, there is no need to change the port. You gain nothing.
Curious thing is, I have no idea if there are attempts at my router, it doesn't report anything. With keys, there is nothing to report.
Unless a zero-day is discovered in sshd!
Nothing much to report except : sshd[11505]: Accepted publickey for user from 192.168.112.114 port 59294
BTW, I remember when I first installed SuSE 5.2 on my home computer the documentation for the firewall was still in German. I decided to just turn it off until I could figure things out later. Alas, I was quickly pwned via a remote-root vulnerability in mountd. I caught it right away and re-installed the system, this time with the firewall running.
Going a bit off-topic here, but I expect we have all been there. I had a webserver compromised by someone brute forcing the password and I think we also had someone very close to gaining access by way of a PHP vulnerability. It was caught by outbound emails failing. -- Per Jessen, Zürich (-2.8°C) http://www.dns24.ch/ - your free DNS host, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org