[Klug-general] Hiding Port 22 on an SSH based VPN

John K Masters johnmasters at oxtedonline.net
Mon Apr 2 21:25:20 BST 2007


On Mon, 02 Apr 2007 19:37:32 +0100
Peter <peter at sheppey.free-online.co.uk> wrote:

> I run a small private network over the Internet using SSH based
> commands on Port 22. This port is permanently open to the rest of the
> Internet. Is there a simple way of hiding it except for my own
> computers?
> 
> I've looked at iptables and various firewall applications but they are
> all so complicated for a one-off job.
> 
> Can anyone help please?
> 
> Regards, Peter.
> 
1] If possible change the port to something high - this seems to get rid
of most automated attacks.
2] Disallow root login - makes it harder to get the username for login
as root is reasonably certain to be a valid login name :)
3] Install and run fail2ban and set it to permaban after 3 failed
attempts

Also, as mentioned before, if possible allow access only from specific
IP addresses. Not always possible with dynamic addresses.

This should assuage most of your worries.

Regards,
    John
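
The four points in the reply above can be checked mechanically. The following is an added example, not part of the original message: a small Python audit of an sshd_config and a fail2ban jail file. The sample configs, port 2222, the user "peter", the 203.0.113.* source range and the "[sshd]" jail name are assumptions made for illustration.

```python
import configparser

# Constructed sample inputs (not from the thread). Port 2222, user "peter" and the
# 203.0.113.* source range are placeholders; "[sshd]" is the assumed jail name.
SSHD_HARDENED = "Port 2222\nPermitRootLogin no\nAllowUsers peter@203.0.113.*\n"
SSHD_STOCK = "#Port 22\n#PermitRootLogin yes\nPasswordAuthentication yes\n"
JAIL_LOCAL = "[sshd]\nenabled = true\nport = 2222\nmaxretry = 3\nbantime = -1\n"

def parse_sshd(text):
    """Map lower-cased keyword -> list of values from the global section."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # commented-out lines leave the built-in default in force
        parts = line.replace("=", " ", 1).split(None, 1)
        if parts[0].lower() == "match":
            break  # conditional blocks are out of scope for this audit
        opts.setdefault(parts[0].lower(), []).append(parts[1] if len(parts) > 1 else "")
    return opts

def audit(sshd_text, jail_text=""):
    """Return the recommendations from the reply that the configs do not meet."""
    opts = parse_sshd(sshd_text)
    findings = []
    if "22" in opts.get("port", ["22"]):  # Port may repeat; default is 22
        findings.append("port: sshd still listens on 22")
    if opts.get("permitrootlogin", [""])[0].lower() != "no":  # first value wins
        findings.append("root: PermitRootLogin is not 'no'")
    patterns = " ".join(opts.get("allowusers", [])).split()
    if not patterns or any("@" not in p for p in patterns):
        findings.append("source: AllowUsers lacks USER@HOST restrictions")
    jail = configparser.ConfigParser(interpolation=None)
    jail.read_string(jail_text)
    s = jail["sshd"] if jail.has_section("sshd") else {}
    # fail2ban treats a negative bantime as a permanent ban
    if not (s.get("enabled") == "true" and s.get("maxretry") == "3"
            and s.get("bantime", "0").startswith("-")):
        findings.append("fail2ban: sshd jail does not permaban after 3 failures")
    return findings

if __name__ == "__main__":
    for name, cfg, jail in (("stock", SSHD_STOCK, ""), ("hardened", SSHD_HARDENED, JAIL_LOCAL)):
        print(name, audit(cfg, jail) or "meets all four points")
```

AllowUsers with a USER@HOST pattern restricts who may log in from where at the sshd level; it does not stop the port from answering, so a firewall rule is still needed if the port itself is to be hidden.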


