Antivirus for FC3 4928

-----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160

Jean-David Beyer

Quick answer: Well, I'm buttuming that you're not important enough for a blackhat to try every port to find out which one ssh is running on.

Longer answer:

The goal is to increase the effort required by a black hat to a level beyond which they would be willing to expend.

The rationale for changing the ssh port is based on the expected attack. Unless someone is out the get you specifically, an automated attack will probably try ssh on port 22 or 2222 and then attempt to login as root or other common user names using common pbuttwords.

The defense is to run ssh on a different port, disable root logins, and use a strong pbuttword. I've also heard that one should disable "pbuttword" authentication in ssh, allowing only "keyboard-interactive" and "public-key." Public key should be sufficiently computationally expensive to break to provide adequate security. I don't know enough to say why keyboard-interactive is better than pbuttword though.

If you're a nice big juicy target, then yeah, get a real security expert and make your systems really secure instead of following the advice of some guy on usenet. However, if your main danger is random attacks, then you'll *probably* be fine by hiding everything behind ssh, and then doing a little to harden ssh.

- -- Neil T. Dantam Student, Purdue University -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU-Linux)

iD8DBQFDQFyjkZoFyDoa1YARA2c8AJ97itaC1SYxYjsr3xfSZPGiPHGXdACdE0yG 5Ufs-WDvUnaxPFhuyfphURg= =vU6M -----END PGP SIGNATURE-----