Securing SSH access
lists at itconsultingplus.com
Fri Apr 4 13:38:39 MDT 2008
One other thing that I like to do is to move SSH to some port way off in the
boondocks something like 3145.
It of course is not the only thing you should do, but it does make for a
good and easy to use first step.
It pretty much stops the common dictionary attacker dead in their tracks.
Another good option is to use a port knock daemon, so a series of ports must
be pinged in a certain order before the SSH daemon even starts to listen.
This way ONLY you know how to get in, even if your computer (which contains
your keys), decides to go for a walk.
More information about the PLUG