SSH hacked?

NoOp glgxg at
Tue Jan 13 02:59:39 UTC 2009

On 01/12/2009 05:56 PM, Kent Borg wrote:
> Protect ssh with the following:
> 1. If using passwords, use long, quality passwords--passwords that are
> *not* recycled elsewhere.
> 2. If using keys, protect your private keys *very* carefully.
> 3. If offering accounts to others, worry that they also follow #1 and #2.

All good points

> ssh is a very secure protocol. If you have good keys/passwords, no
> script kiddie (or even serious foe) is going to break in with a
> brute-force attack. Moving your sshd to an alternate port number is a
> silly distraction.

Really? I reckon that's your opinion, but I'd have to disagree.


Indicates 22 is a pretty prime target.

vs a more obscure 100 for instance:


That said, I doubt any port is safe without basic common sense security
(your 1 & 2 for example). However to call taking added measures such as
using an alternate port for a well known target a "silly distraction"
is, IMO, pretty silly in itself. To do so certainly doesn't hurt
anything. Further, once a script et al tags your 22, then it's
relatively easy to add your IP to the script lists, pass them along and
have other scripts/bots hammer away. It's considerably easier to do this
than to create a special bot script that says "this IP is running sshd
but it is on port xyz rather than 22".

Do a simple test; put up a machine on a naked dsl modem (no router or
denyhosts) for a few days and check the auth.log to see how many
dictionary attack attempts are attempted on 22.
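
An added example, not part of the original post: one way to tally the failed logins such a test would leave in auth.log, grouped by source address. The log lines are constructed samples in the format OpenSSH's sshd uses for password failures, and the function names and the `min_users` threshold are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the format sshd writes to auth.log.
SAMPLE_AUTH_LOG = """\
Jan 12 03:14:05 box sshd[1234]: Invalid user admin from 203.0.113.5
Jan 12 03:14:07 box sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Jan 12 03:14:09 box sshd[1236]: Failed password for root from 203.0.113.5 port 51240 ssh2
Jan 12 03:14:12 box sshd[1238]: Failed password for invalid user test from 203.0.113.5 port 51251 ssh2
Jan 12 03:20:41 box sshd[1301]: Failed password for root from 198.51.100.23 port 40112 ssh2
Jan 12 03:21:02 box sshd[1310]: Accepted password for kent from 192.0.2.10 port 39001 ssh2
Jan 12 03:25:30 box sshd[1322]: Failed password for kent from 192.0.2.10 port 39015 ssh2
Jan 12 03:26:00 box CRON[1400]: pam_unix(cron:session): session opened for user root by (uid=0)
"""

# The user name is attacker-controlled and may itself contain " from ... port ...",
# so match it greedily and anchor on the end of the line to get the real source.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?"
    r"(?P<user>.+) from (?P<ip>\S+) port \d+ ssh2\s*$"
)

def summarize_failures(log_text):
    """Return {source_ip: {"attempts": n, "users": set, "invalid": n}}."""
    stats = defaultdict(lambda: {"attempts": 0, "users": set(), "invalid": 0})
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue  # not an sshd password failure
        entry = stats[m.group("ip")]
        entry["attempts"] += 1
        entry["users"].add(m.group("user"))
        if m.group("invalid"):
            entry["invalid"] += 1  # account does not exist on this host
    return dict(stats)

def likely_dictionary_sources(stats, min_users=2):
    """Sources that tried several different user names look like dictionary runs."""
    return sorted(ip for ip, s in stats.items() if len(s["users"]) >= min_users)

if __name__ == "__main__":
    stats = summarize_failures(SAMPLE_AUTH_LOG)
    for ip, s in sorted(stats.items(), key=lambda kv: -kv[1]["attempts"]):
        print(f"{ip:15} attempts={s['attempts']} invalid={s['invalid']} users={sorted(s['users'])}")
    print("likely dictionary sources:", likely_dictionary_sources(stats))
```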
