On 20.02.2014, at 18:36, Levente Uzonyi leves@elte.hu wrote:
On Thu, 20 Feb 2014, Tobias Pape wrote:
On 20.02.2014, at 18:12, Ken Causey ken@kencausey.com wrote:
What does the group think of changing the port that sshd listens on for connections? Yes, I know this is a sort of security by obscurity and is entirely pointless if you are being targeted. But we aren't being targeted yet the net is just full of drive-by connection attempts these days.
On a server I administer for a customer I used to get log reports of hundreds and even thousands of the attempted ssh connections each and every day. I got tired of the noise and moved sshd to another port. It has been years now and there has not been a single ssh connection attempt from anyone other than me since I made the change.
Please just install fail2ban I am using this for years and it is indispensable. It analyzes the ssh fail logs and auto-bans offending ip's for 10 minutes this is typically enough to stop script kiddies from trying further.
It doesn't get rid of the noise from the logs.
It minimizes noise. Which box are we speaking of?
Best -Tobias