Comments on: Security Tip: Defending against brute force ssh attacks http://fatpenguinblog.com/weinerdoodz/security-tip-defending-against-brute-force-ssh-attacks/ Donkies Bloggin' for Donkies Sat, 11 Oct 2008 14:41:14 +0000 http://wordpress.org/?v=2.5 By: Scott Rippee http://fatpenguinblog.com/weinerdoodz/security-tip-defending-against-brute-force-ssh-attacks/#comment-10538 Scott Rippee Fri, 08 Jun 2007 07:33:31 +0000 http://fatpenguinblog.com/weinerdoodz/security-tip-defending-against-brute-force-ssh-attacks/#comment-10538 Ahhhh very interesting. I especially like the knockd trick. I can't believe that they didn't mention: 1. Never run sshd on port 22. Autonomous bots will always find you and run through large sets of passwords trying to break in. I've seen my server logging hundreds upon hundreds of these a day. Every client allows port specification, so take advantage of it. 2. There is no reason to leave sshd and other personal services sitting out there visible to the public. Setup a VPN, it's not so tough. Bind your non public services to only the VPN address. Ahhhh very interesting. I especially like the knockd trick.

I can’t believe that they didn’t mention:

1. Never run sshd on port 22. Autonomous bots will always find you and run through large sets of passwords trying to break in. I’ve seen my server logging hundreds upon hundreds of these a day. Every client allows port specification, so take advantage of it.

2. There is no reason to leave sshd and other personal services sitting out there visible to the public. Setup a VPN, it’s not so tough. Bind your non public services to only the VPN address.

]]>