[kwlug-disc] Tightening up SSH

Chris Irwin chris at chrisirwin.ca
Tue Jul 20 11:50:07 EDT 2010


On Tue, 2010-07-20 at 10:10 -0400, Andrew Kohlsmith (mailing lists
account) wrote:
> > Changing the port number probably impacts, and irritates, you more
> > than anyone else. Particularly with a properly secured port - as the
> > poster is in the process of ensuring.

I don't know about anybody else, but I usually connect remotely from the
same machines: My laptop, and my work desktop. Just throw the hostname
and port in ~/.ssh/config, and you'll never need to remember you're on a
non-standard port.

> I agree; this is why I don't move my ssh off of the standard port.  I put up 
> with the crapflooding, particularly because a) I know nobody's getting in 
> through ssh and b) I never check my logs for ssh attacks anyway.

I left mine on 22 as well. I installed fail2ban and logwatch to keep an
eye on things, though. After a few failed logins, fail2ban invokes the
necessary iptables voodoo to drop connections from that IP.

logwatch is very handy for analyzing your logs. It does a nice job of
consolidating info ("22 failed attepts from 1.2.3.4", instead of having
22 lines containing duplicate info). It also displays successful
connections, though that would probably be of limited use since anybody
competent would sanitize auth.log...

-- 
Chris Irwin <chris at chrisirwin.ca>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: <http://astoria.ccjclearline.com/pipermail/kwlug-disc_kwlug.org/attachments/20100720/69f8e3e4/attachment.bin>


More information about the kwlug-disc_kwlug.org mailing list