SSH hacked?

Gilles Gravier gilles at
Mon Jan 19 10:46:07 UTC 2009


Charlie Brune wrote:
> Steve Lamb wrote:
>> Gilles Gravier wrote:
>>> Carry your key in a USB stick.
>  Yes. That's what I do. Don't allow anything but public-key 
> authentication. It's fast, easy and fun. I also listen on a port other 
> than port 22 and only allow certain hard-to-guess users to log in.
I used to have that on port 53 (DNS) because some airport WiFi networks
which required you to pay to access the net let DNS queries out... and
did it in a sloppy manner (i.e. the firewall just allowed port 53 out
not worrying about packet content, or type UDP/TCP)... They tend to clean
this up more and more... but I still have a bounce forwarding 53 to my
favorite SSH port-du-jour.


