|
|
Change ssh to obscure port
Another method that helped me dodge those attacks (~100+ attacks per day!) is changing the remote login port from 22 to something very obscure, say something with 4-5 digits. (Just be sure that it's a port you don't currently use for anything else.) The easiest way to do that is to use Port Forwarding in your router like so: That way, portscanners will skip right over the default ssh port of 22. But remember, when you want to login, you have to specify the port as follows:
Change ssh to obscure port
Exactly what I was going to say (use a different port). In the Linux world changing the sshd_config file does the trick -- in the Mac world it's a little bit more involved (editing /etc/services). I've done this on all my system and have watched thousands of attempts go un-routed at the firewall.
Change ssh to obscure port
Great idea; I'll add that to the body of the main hint tonight. I thought about including the instructions to really re-map sshd's port, but that's a real pain to do (and as the other commenter noted, it can be undone by upgrades).
obscure port unaffected by system updates
I've been doing this since 10.1 (then the change was simply made in
/etc/sshd_config). None of the point updates have undone this change (affected under xinetd in both /etc/services and /etc/xinetd.d/ssh. Apple has seen fit to leave those two files alone through the duration of the point upgrades (10.2-10.2.8, 10.3-10.3.8). Of course, I have done fresh installs of each of the major point releases (10.2, 10.3) and just make the SSH port change as part of my installation routine. In this case, I do indeed believe that there is a lot of peace and rest to be found in "security through obscurity." At least it keeps your server below the radar of the script kiddies and port scanner types.
|
SearchFrom our Sponsor...Latest Mountain Lion HintsWhat's New:HintsNo new hintsComments last 2 daysNo new commentsLinks last 2 weeksNo recent new linksWhat's New in the Forums?
Hints by TopicNews from Macworld
From Our Sponsors |
|
Copyright © 2014 IDG Consumer & SMB (Privacy Policy) Contact Us All trademarks and copyrights on this page are owned by their respective owners. |
Visit other IDG sites: |
|
|
|
Created this page in 0.15 seconds |
|