[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] List of Relays' Available SSH Auth Methods



On 11/18/2014 08:10 PM, Philipp Winter wrote:
> On Tue, Nov 18, 2014 at 09:43:53AM -0800, Andy Isaacson wrote:
>> On Tue, Nov 18, 2014 at 10:09:37AM -0500, Libertas wrote:
>>> * SSH being served on a non-standard port - something other than port
>>> 22. This is a good idea, as many brute-force attackers will only
>>> bother trying port 22.
>>
>> I don't understand why, for a system that has gotten any security review
>> at all, moving ssh to another port is "a good idea".
> 
> In addition to an already safe configuration, I use non-standards ports.
> As you point out yourself, it keeps the log files clean, which allows me
> to focus on the small number of login attempts I get.  This is my main
> reason for doing this.
> 
> In addition, if OpenSSH (or one of its dependencies) should ever be
> subject to a severe security issue, plenty of folks would immediately
> start scanning and exploiting the Internet.  A non-standard port would
> likely give me a grace period which would allow me to shut down SSH or
> take other measures.

+1

you can make harder/more expensive for an advisory with no additional costs for yourself


-- 
Toralf
pgp key: 0076 E94E

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays