tightening ssh

Leonard Isham leonard.isham at gmail.com
Sat Nov 19 12:56:54 UTC 2005


On 11/19/05, Claude Jones <claude_jones at levitjames.com> wrote:
> I've been reading up, and talking up, various security strategies. One thing
> that is striking to me in looking at logs for my servers are the endless ssh
> probes that go on. It appears to be one of the most common. Up till recently,
> I had dealt with this by using firewall rules to allow ssh access only to
> selected ip addresses - to all others, the port appears closed (I checked
> this with port scans). Now, I must change strategies. I need to give access
> to an associate who gets his dsl ip address via dhcp, so it's always
> changing. I'm not quite ready to try port knocking, so, the other suggestion
> I read over and over is to provide ssh on a non-standard port. So, I throw
> this out to the collective experience - what's your take on that strategy?
> Won't simple scans reveal the existence of ssh access on a non-standard port?
> Is this really much protection? Is it merely a question of reducing odds?

1. Most of these are done by script kiddies.  They get a script and
run it is tries to connect via standard port 22.

2 Defense in depth.

A. Non-standard port.
B. Only allow users that require login via ssh which should never be root.
C. Require key login no passwords.
D. use sudo and sudrestrictions to prevent loading a shell as root.


--
Leonard Isham, CISSP
Ostendo non ostento.




More information about the fedora-list mailing list