[Cialug] ssh

cialug@cialug.org cialug@cialug.org
Fri, 28 Jan 2005 10:29:08 -0600


On Fri, Jan 28, 2005 at 08:47:46AM -0600, Tony Bibbs wrote:
> How many of you have moved ssh off the standard port of 22?  I'm asking 
> because recently I'm seeing hosts from a 210.x.x.x network trying like 
> hell to get in via ssh on that port.  Since it seems scripted I'm 
> thinking of changing ports to something more obscure but I figured I'd 
> check to see what some of you have done for this sort of stuff.
> 
> --Tony

I was getting the same thing on my ServerBeach server.  Instead of moving ssh, I set up iptables to limit connections to a small number of hosts or subnets.  The syntax is something like the following:

iptables -A INPUT -p tcp --dport 22 --source {ip address/netmask} -j ACCEPT

Replace {ip address/netmask} above with something like 192.168.1.0/24 for any IP on the 192.168.1.0 network, or 192.168.1.1/24 to limit it to just that IP.

The downside is, you can't ssh in from just anywhere any more.  If you need ssh access from, say, a public wireless hot spot while travelling, you won't know that hot spot's network or IP information ahead of time.  For that, you could launch a stand-alone sshd on an alternative port before you leave.  Most hot spots allow all outbound ports, but you could be unpleasantly surprised.

Hope that helps,
kristau
-- 
"It is far easier to feign ignorance than it is to feign knowledge."
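The allow-list approach kristau describes, written out as a complete (and added, not from the original post) shell script: it validates each entry as an a.b.c.d/nn range, emits the iptables commands for a dedicated chain that accepts tcp/22 only from those ranges, and logs and drops everything else so the scripted scanners Tony mentions show up in syslog without flooding it. It prints the rules rather than running them, so they can be reviewed before being applied. The chain name SSH_ALLOW and the sample host 203.0.113.7/32 are assumptions of this example; it also assumes iptables with the "limit" match and the LOG target available.

```shell
# Added example, not from the original post: build (but do not apply) an
# iptables ruleset that accepts ssh only from an allow-list of CIDR ranges.
# Assumptions: iptables with the "limit" match and LOG target; the chain name
# SSH_ALLOW is hypothetical and free to use on the host.
# Review the output first, then apply it with:  sh allow_ssh.sh | sudo sh

# Return 0 if $1 looks like a.b.c.d/nn (octets 0-255, prefix 0-32), else 1.
valid_cidr() {
    case "$1" in
        */*) ;;
        *) return 1 ;;          # a bare address without a prefix is rejected
    esac
    ip=${1%/*}
    mask=${1#*/}
    case "$mask" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$mask" -le 32 ] || return 1
    case "$ip" in
        *[!0-9.]*) return 1 ;;  # digits and dots only, so $ip is safe to split
    esac
    oldifs=$IFS
    IFS=.
    set -- $ip
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in
            ''|*[!0-9]*) return 1 ;;
        esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the rules for the allow-list given as arguments. A single host is
# written as a.b.c.d/32. Unmatched ssh attempts are logged (rate-limited,
# so a scripted scanner cannot flood syslog) and then dropped.
ssh_rules() {
    for cidr in "$@"; do
        valid_cidr "$cidr" || { echo "invalid CIDR: $cidr" >&2; return 1; }
    done
    echo "iptables -N SSH_ALLOW"
    for cidr in "$@"; do
        echo "iptables -A SSH_ALLOW -p tcp --dport 22 --source $cidr -j ACCEPT"
    done
    echo "iptables -A SSH_ALLOW -p tcp --dport 22 -m limit --limit 5/min -j LOG --log-prefix \"ssh-denied: \""
    echo "iptables -A SSH_ALLOW -p tcp --dport 22 -j DROP"
    # -I puts the jump at the top of INPUT so it is evaluated before other rules
    echo "iptables -I INPUT -p tcp --dport 22 -j SSH_ALLOW"
}

# Constructed sample allow-list: the post's 192.168.1.0/24 plus one host
# from the documentation address range (203.0.113.7/32, an assumption).
ssh_rules 192.168.1.0/24 203.0.113.7/32
```

Before piping the output into a root shell, make sure the address you are currently connected from is in the list; otherwise the DROP rule cuts off your own session, which is the lock-out kristau warns about. The LOG line is what lets you see the blocked attempts in syslog afterwards (prefixed "ssh-denied: ") rather than just silently discarding them.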