Mailinglist Archive: opensuse-security (138 mails)

Re: SPAM: Re: [suse-security] Openssh + security
  • From: John Summerfield <suse@xxxxxxxxxxxxxxxxxxxxxx>
  • Date: Tue, 13 Dec 2005 21:38:51 +0800
  • Message-id: <439ECEEB.9060200@xxxxxxxxxxxxxxxxxxxxxx>
Jaime Santos wrote:
> Hi again,
>
> If someone is using a script to probe port 22 of random machines,

I see half a dozen or more each day, on each machine. Believe it's
happening.

> probably it does make sense to attach the ssh server
> to some other port. But your users will have to be warned that they have
> to explicitly name such a port when trying to
> login remotely. Furthermore, a nmap search for open ports can always
> reveal the services which are available, but this
> is a directed attack. Given the nuisance (such strategy is essentially
> security via obscurity), I think it isn't worth doing it.

nmap or equivalent's always being run too. However, generally the
assumption is that port 22 is ssh because that's where ssh is.

What I've found works a treat is to use /etc/hosts.{allow,deny} to
restrict connexions to my region, determined by networks from which
known-good connexions come.

Since I did that some months ago, over several machines I've had
thousands of connexions rejected because they're from out of area, and
maybe one that tried his dictionary.

I also moved incoming connexions to a different machine where users who
can't connect from remote can't authenticate.


Another good idea, but one that requires more work to set up, is to set
up a VPN: I use openvpn. The VPN authenticates, and you can trust
people with a VPN better than you would the average Joe, Giuseppe or
Josephine.

You still have to control the VPN keys as you would any password.
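
The /etc/hosts.{allow,deny} restriction mentioned in the message, as an added example that is not part of the original post: a pre-deployment check that evaluates candidate rules the way hosts_access(5) orders them (allow match grants, then deny match refuses, otherwise grant) and lists any known-good address that would be locked out. The rule text and the documentation-range addresses are constructed, and only a subset of the pattern syntax is handled (`ALL`, trailing-dot prefixes, IPv4 net/mask pairs, single addresses).

```python
import ipaddress

# Constructed rules: documentation-range networks stand in for the
# "known-good" regional networks; they are not from the original message.
HOSTS_ALLOW = "# known-good networks\nsshd: 192.0.2.0/255.255.255.0, 198.51.100.\n"
HOSTS_DENY = "sshd: ALL\n"

def parse_rules(text):
    """Parse 'daemon_list : client_list' lines; options after a 2nd ':' are ignored."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, addr):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):        # "198.51.100." matches by textual prefix
        return str(addr).startswith(pattern)
    if "/" in pattern:               # net/mask pair
        return addr in ipaddress.ip_network(pattern, strict=False)
    return str(addr) == pattern      # single address

def matches(rules, daemon, addr):
    return any((daemon in daemons or "ALL" in daemons)
               and any(client_matches(p, addr) for p in clients)
               for daemons, clients in rules)

def allowed(daemon, ip, allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    """Allow match grants; otherwise deny match refuses; otherwise grant."""
    addr = ipaddress.ip_address(ip)
    if matches(parse_rules(allow_text), daemon, addr):
        return True
    return not matches(parse_rules(deny_text), daemon, addr)

def lockout_check(known_good, daemon="sshd"):
    """Return the known-good addresses the candidate rules would refuse."""
    return [ip for ip in known_good if not allowed(daemon, ip)]

if __name__ == "__main__":
    # Constructed list of addresses that must keep working after the change.
    print(lockout_check(["192.0.2.17", "198.51.100.200", "203.0.113.9"]))
```

Because a daemon with no matching entry in either file is granted access, the restriction only takes effect with a deny entry such as the `sshd: ALL` line assumed here.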

