Kirk Strauser wrote: > On Friday 27 May 2005 07:50, Mark Shields wrote: > > >>especially since now I've been looking at my log files I've noticed it's >>being hammered everyday by ssh break attempts. > > > Define "hammered". How many attempts per unit time are you seeing? > > By the way, I strongly suggest *not* changing your SSH port, but completely > disabling password authentication in favor of RSA auth. First, a little > obscurity here won't buy you much security - it just means that would-be > crackers will have to port scan you first to find your SSH daemon before > they start pounding away at it. Second, if you use RSA auth, then you've > greatly restricted the possibility of them gaining access. Short of a flaw > in sshd itself, it's statistically nearly impossible for them to guess your > RSA key.
Changing port is not about security, it save cpu (that can be true using RSA auth only too). -- .................................................................... . These pages are best viewed by coming to my house and looking at . . my monitor. [S. Lucas Bergman (on his website)] . .................................................................... -- gentoo-user@gentoo.org mailing list
