dhis2-devs team mailing list archive

Thread
Date

Re: interesting article on ssh port numbersh

To: Bob Jolliffe <bobjolliffe@xxxxxxxxx>
From: Saptarshi Purkayastha <sunbiz@xxxxxxxxx>
Date: Sun, 28 Sep 2014 17:01:23 -0400
Cc: DHIS 2 Developers list <dhis2-devs@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <CACd=f9dvJxtGLV71ya_bTKq=mX6MXGgsZDzaS-F1sm1Q+BM6JQ@mail.gmail.com>

Thanks Lars, for sharing the interesting article.
I also recommend that people use fail2ban <http://www.fail2ban.org>. It is
a simple tool that looks at logs to fend brute force

---
Regards,
Saptarshi PURKAYASTHA


On 28 September 2014 16:37, Bob Jolliffe <bobjolliffe@xxxxxxxxx> wrote:

> Some interesting thoughts but i wouldn't buy his main argument (I've read
> it before).  The last comment by 'Dicer; is important.  Of course your sshd
> can be discovered (using nmap or the like) but it takes a little time.
> Time which is generally more profitably spent hunting down the next port 22
> listener.
>
> For the "annoying" -P problem of scp (and other progarms like rsync) which
> expect ssh on port 22, that's what ~/.ssh/config is for :-)  See
> http://nerderati.com/2011/03/17/simplify-your-life-with-an-ssh-config-file/
> for example.
>
> Having said that its really important to know that shifting the port is
> one of a number of measures, not a solution in itself - the more important
> being disabling root access and password authentication.
>
> Port knocking is clever .. used to do this on SA gov periphery firewalls.
> Haven't really bothered in recent times, but maybe something to consider in
> these turbulent times.
>
> Meanwhile i continue to shift my ssh port and encourage others to do the
> same :-)
>
> Cheers
> Bob
>
> On 28 September 2014 17:09, Lars Helge Øverland <larshelge@xxxxxxxxx>
> wrote:
>
>> "Why putting ssh on another port than 22 is a bad idea":
>>
>>
>> https://www.adayinthelifeof.nl/2012/03/12/why-putting-ssh-on-another-port-than-22-is-bad-idea/
>>
>> Lars
>>
>> _______________________________________________
>> Mailing list: https://launchpad.net/~dhis2-devs
>> Post to     : dhis2-devs@xxxxxxxxxxxxxxxxxxx
>> Unsubscribe : https://launchpad.net/~dhis2-devs
>> More help   : https://help.launchpad.net/ListHelp
>>
>>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~dhis2-devs
> Post to     : dhis2-devs@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~dhis2-devs
> More help   : https://help.launchpad.net/ListHelp
>
>

Follow ups

Re: interesting article on ssh port numbersh
From: Lars Helge Øverland, 2014-09-29

References

interesting article on ssh port numbersh
From: Lars Helge Øverland, 2014-09-28
Re: interesting article on ssh port numbersh
From: Bob Jolliffe, 2014-09-28