[PLUG] Public SSH server configs
Paul Heinlein
heinlein at madboa.com
Mon Apr 10 16:54:43 UTC 2017
On Mon, 10 Apr 2017, Rich Shepard wrote:
> On Mon, 10 Apr 2017, Paul Heinlein wrote:
>
>> I've thought about moving it to an alternate port, and may someday
>> do so, but in the meantime I've tried to keep up with best
>> practices for sshd configuration.
>>
>> I recently changed the KexAlgorithms setting, removing all
>> key-exchange algorithms based on NIST curves.
>
>> The number of scanners that even get through to the stage of
>> 'Invalid user' has dropped from a couple hundred per day to less
>> than a dozen.
>
> Paul,
>
> Have you considered running a test to learn if changing the port
> would be equally effective?

I've run such a test for the past three or four years. "Effective" in
this context can have two definitions:

* does the change reduce the quantity of unwanted probes?
* does the change raise the quality necessary for a successful probe?

In the case of quantity, the answer is definitely affirmative. Running
SSH on non-standard ports reduced to near zero the number of scanning
probes.

In the case of quality, changing the port has no effect.

--
Paul Heinlein <> heinlein at madboa.com <> http://www.madboa.com/
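
An added example, not part of the original message: one way to measure the "quantity" effect discussed above is to count, per day, how many probes sshd turned away at key exchange and how many got as far as 'Invalid user'. It assumes OpenSSH's usual syslog wording; the log lines are constructed and `probe_stages` is a hypothetical name.

```python
import re
from collections import defaultdict

# Constructed sample lines in classic syslog format (not taken from a real host).
SAMPLE_LOG = """\
Apr  9 03:12:01 host sshd[1201]: Invalid user admin from 192.0.2.10 port 40112
Apr  9 03:12:07 host sshd[1203]: Invalid user test from 192.0.2.10 port 40120
Apr  9 04:40:55 host sshd[1300]: Invalid user oracle from 198.51.100.7
Apr 10 01:02:03 host sshd[2101]: Unable to negotiate with 192.0.2.10 port 51000: no matching key exchange method found. Their offer: ecdh-sha2-nistp256,diffie-hellman-group14-sha1 [preauth]
Apr 10 01:05:09 host sshd[2102]: Unable to negotiate with 203.0.113.5 port 51234: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1 [preauth]
Apr 10 02:00:00 host sshd[2110]: Invalid user pi from 203.0.113.99 port 33000
Apr 10 02:30:00 host sshd[2111]: Accepted publickey for paul from 192.0.2.200 port 50022 ssh2
"""

LINE = re.compile(r"^(?P<day>\w{3}\s+\d{1,2}) \d\d:\d\d:\d\d \S+ sshd\[\d+\]: (?P<msg>.*)$")
# The username may be empty, and older sshd versions omit the "port N" suffix.
INVALID = re.compile(r"^Invalid user \S* ?from (?P<ip>\S+)")
KEX_FAIL = re.compile(
    r"^Unable to negotiate with (?P<ip>\S+) port \d+: no matching key exchange method found")


def probe_stages(log_text):
    """Return {day: {"kex_rejected": n, "invalid_user": n, "sources": set_of_ips}}."""
    days = defaultdict(lambda: {"kex_rejected": 0, "invalid_user": 0, "sources": set()})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        day = " ".join(m["day"].split())  # "Apr  9" -> "Apr 9"
        for stage, pattern in (("invalid_user", INVALID), ("kex_rejected", KEX_FAIL)):
            hit = pattern.match(m["msg"])
            if hit:
                days[day][stage] += 1
                days[day]["sources"].add(hit["ip"])
    return dict(days)


if __name__ == "__main__":
    for day, c in probe_stages(SAMPLE_LOG).items():
        print(f"{day}: kex_rejected={c['kex_rejected']} "
              f"invalid_user={c['invalid_user']} sources={len(c['sources'])}")
```

Comparing these per-day counts before and after a KexAlgorithms or port change gives the quantity figure; neither count says anything about the quality a probe needs to succeed.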