Extracted from: http://isc.sans.org/diary.php?storyid=846 and http://forums.contribs.org/index.php?topic=29505.msg123499#msg123499
+
References: [http://isc.sans.org/diary.php?storyid=846 sans.org article on securing ssh] and [http://forums.contribs.org/index.php?topic=29505.msg123499#msg123499 Guessing passwords]
−
Based on: <b>"Changing the default ssh port"</b> written by cc_skavenger
+
Based on: [http://no.longer.valid/phpwiki/index.php/Changing%20the%20default%20ssh%20port Changing the default ssh port] written by cc_skavenger. Use his howto if you are running SME 5.6 - 6.x!
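Review bot: the new "Based on" line links to http://no.longer.valid/..., a host that by its own name does not resolve, and the same line tells SME 5.6 - 6.x users to follow that howto. Those readers are left with no reachable instructions. Either point the link at an archived copy of cc_skavenger's page or keep the title as plain text, as the removed line did, and say that the original is no longer online.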
Line 69:
Line 69:
=== Conslusions ===
=== Conslusions ===
−
This Howto was developed in response to the recommendations in this article at isc.sans.org. The article briefly suggests taking 3 steps to secure your server against ssh attacks:
+
This Howto was developed in response to the recommendations in this article at [http://isc.sans.org/diary.php?storyid=846 isc.sans.org]. The article briefly suggests taking 3 steps to secure your server against ssh attacks:
1. Run ssh on a non-standard port
1. Run ssh on a non-standard port
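Review bot: the heading directly above the changed paragraph still reads "=== Conslusions ===". Since this edit already touches the section, correct it to "=== Conclusions ===". The isc.sans.org link added in the paragraph also repeats the one now in the References line at the top of the page, so one of the two could be dropped.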
Line 75:
Line 75:
3. Monitor your logs, then consciously look at blocking and/or reporting abusive netblocks.
3. Monitor your logs, then consciously look at blocking and/or reporting abusive netblocks.
−
Now you know how to run ssh on a non-standard port, at least. Don't be fooled into thinking that this will bring long-term securiy, however! There is a discussion of this issue in the forums here on contribs that concludes that moving ssh to another port will only help until the attackers upgrade their tools. Public/private key security is recommended. (See Guessing passwords)
+
Now you know how to run ssh on a non-standard port, at least. Don't be fooled into thinking that this will bring long-term securiy, however! There is a discussion of this issue in the forums here on contribs that concludes that moving ssh to another port will only help until the attackers upgrade their tools. Public/private key security is recommended. (See [http://forums.contribs.org/index.php?topic=29505.msg123499#msg123499 Guessing passwords])
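Review bot: the added line carries over the typo "securiy" from the removed one; change it to "security" while the paragraph is being edited. The sentence "Public/private key security is recommended" is the only lasting mitigation the conclusion offers, but it points only at the forum thread. A link to the key-based login instructions for this platform, if one exists on the wiki, would make it something a reader can act on.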