[Klug-general] Hiding Port 22 on an SSH based VPN
John K Masters
johnmasters at oxtedonline.net
Mon Apr 2 21:25:20 BST 2007
On Mon, 02 Apr 2007 19:37:32 +0100
Peter <peter at sheppey.free-online.co.uk> wrote:
> I run a small private network over the Internet using SSH based
> commands on Port 22. This port is permanently open to the rest of the
> Internet. Is there a simple way of hiding it except for my own
> computers?
>
> I've looked at iptables and various firewall applications but they are
> all so complicated for a one-off job.
>
> Can anyone help please?
>
> Regards, Peter.
>

1] If possible, change the port to something high - this seems to get rid
of most automated attacks.
2] Disallow root login - makes it harder to get the username for login
as root is reasonably certain to be a valid login name :)
3] Install and run fail2ban and set it to permaban after 3 failed
attempts

Also, as mentioned before, if possible allow access only from specific
IP addresses. Not always possible with dynamic addresses.

This should assuage most of your worries.

Regards,
John
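
The three numbered steps and the address restriction from the reply above, written out as configuration. This is an added example, not part of the original message; the port number, user name, addresses, file paths and the `sshd` jail name are assumptions to adapt to the local install.

```conf
# ---- /etc/ssh/sshd_config (OpenSSH server; path is the usual default) ----
# Before, the situation described in the question:
#   Port 22
#   PermitRootLogin yes

# 1] Listen on a high, non-default port. 49222 is a constructed value.
Port 49222

# 2] Refuse direct root logins, so the one guaranteed account name is useless.
PermitRootLogin no

# "Allow access only from specific IP addresses": USER@HOST patterns tie an
# account to a source address or CIDR range. "peter" and the 192.0.2.x /
# 198.51.100.x documentation addresses are placeholders.
AllowUsers peter@192.0.2.10 peter@198.51.100.0/24

# Check the file with "sshd -t" before restarting the daemon, and keep an
# existing session open until a new login on the new port has succeeded.

# ---- /etc/fail2ban/jail.local ----
# 3] Ban after 3 failed attempts, permanently. The jail is called "sshd" in
# current fail2ban packages (older ones used "ssh"); adjust if needed.
[sshd]
enabled  = true
# Must match the Port line above, or the ban is applied to the wrong port.
port     = 49222
maxretry = 3
# A negative bantime means the ban never expires.
bantime  = -1
# Never ban your own fixed address; with a permanent ban a few mistyped
# passwords would otherwise lock you out for good.
ignoreip = 127.0.0.1/8 192.0.2.10
```

With dynamic client addresses the `AllowUsers` address patterns and `ignoreip` entry cannot be pinned down, which leaves the port change, the root-login ban and fail2ban as the applicable steps.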