[PLUG] Public SSH server configs

Paul Heinlein heinlein at madboa.com
Mon Apr 10 16:54:43 UTC 2017


On Mon, 10 Apr 2017, Rich Shepard wrote:

> On Mon, 10 Apr 2017, Paul Heinlein wrote:
>
>> I've thought about moving it to an alternate port, and may someday 
>> do so, but in the meantime I've tried to keep up with best 
>> practices for sshd configuration.
>>
>> I recently changed the KexAlgorithms setting, removing all 
>> key-exchange algorithms based on NIST curves.
>
>> The number of scanners that even get through to the stage of 
>> 'Invalid user' has dropped from a couple hundred per day to less 
>> than a dozen.
>
> Paul,
>
> Have you considered running a test to learn if changing the port 
> would be equally effective?

I've run such a test for the past three or four years. "Effective" in 
this context can have two definitions:

* does the change reduce the quantity of unwanted probes?
* does the change raise the quality necessary for a successful probe?

In the case of quantity, the answer is definitely affirmative. Running 
SSH on non-standard ports reduced to near zero the number of scanning 
probes.

In the case of quality, changing the port has no effect.

-- 
Paul Heinlein <> heinlein at madboa.com <> http://www.madboa.com/
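
An added example, not part of the original post: one way to measure the "quantity" question from sshd logs, counting per day how many probes are rejected at key exchange and how many reach the 'Invalid user' stage. The log lines are constructed samples with documentation addresses; the syslog layout and the function name `probes_by_stage` are assumptions.

```python
import re
from collections import defaultdict

# Constructed sshd syslog lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
Apr  9 03:12:01 host sshd[2101]: Invalid user admin from 192.0.2.10 port 40122
Apr  9 03:12:05 host sshd[2103]: Invalid user oracle from 192.0.2.10 port 40130
Apr  9 04:40:17 host sshd[2150]: Invalid user test from 198.51.100.7 port 51514
Apr 10 01:02:33 host sshd[3301]: Unable to negotiate with 192.0.2.10 port 40200: no matching key exchange method found. Their offer: ecdh-sha2-nistp256,diffie-hellman-group14-sha1 [preauth]
Apr 10 01:09:48 host sshd[3310]: Unable to negotiate with 198.51.100.7 port 51600: no matching key exchange method found. Their offer: ecdh-sha2-nistp256 [preauth]
Apr 10 02:15:09 host sshd[3342]: Invalid user pi from 203.0.113.5 port 33012
Apr 10 02:20:00 host sshd[3350]: Accepted publickey for paul from 203.0.113.99 port 50022 ssh2
"""

# Assumed layout: "Mon DD HH:MM:SS host sshd[pid]: message"
LINE = re.compile(r"^(?P<day>\w{3}\s+\d+) \S+ \S+ sshd\[\d+\]: (?P<msg>.*)$")

# Stage a probe reached before sshd dropped it; group 1 is the source address.
STAGES = {
    "kex_rejected": re.compile(
        r"^Unable to negotiate with (\S+) .*no matching key exchange method"),
    "invalid_user": re.compile(r"^Invalid user .*\bfrom (\S+)"),
}


def probes_by_stage(log_text):
    """Return {day: {stage: (events, distinct_sources)}} for sshd log text."""
    seen = defaultdict(lambda: defaultdict(list))
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not an sshd line in the assumed layout
        day = " ".join(m["day"].split())  # "Apr  9" -> "Apr 9"
        for stage, pattern in STAGES.items():
            hit = pattern.match(m["msg"])
            if hit:
                seen[day][stage].append(hit.group(1))
    return {
        day: {stage: (len(ips), len(set(ips))) for stage, ips in stages.items()}
        for day, stages in seen.items()
    }


if __name__ == "__main__":
    for day, stages in probes_by_stage(SAMPLE_LOG).items():
        for stage, (events, sources) in sorted(stages.items()):
            print(f"{day}: {stage:<13} events={events} distinct_sources={sources}")
```

Comparing the per-day `invalid_user` counts before and after a configuration change gives the quantity measure; it says nothing about the quality a successful probe would need.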


