
Lovely that they are propagating the folklore security of using a non-standard port. And yet they also discuss using a well-known bastion host.



For security it's worthless, but for reducing log noise it's not a bad idea if your number of users is low.


I've tried it, and the number of failed logins is still significant, and it can only have gotten worse now, given the ease of scanning the entire IPv4 range.

If you only have {2fa,key,certificate} auth, the number of alerts you should have from SSHD itself is (almost) zero; failed logins are (almost) _all_ _noise_. Higher-level systems that monitor origin/destination/heuristics of successful logins are where it's at.
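The approach in the comment above (ignore failed-login noise on a key-only host and alert on successful logins by origin and auth method instead), as an added example that is not part of the thread. The sshd log lines, the allowed bastion subnet 10.0.0.0/24 and the key-only policy are constructed for the example:

```python
import re
import ipaddress

# Constructed sample sshd log lines in syslog format; not taken from any real host.
SAMPLE_LOG = """\
Mar 14 02:11:03 web1 sshd[2210]: Failed password for root from 198.51.100.7 port 51022 ssh2
Mar 14 02:11:04 web1 sshd[2210]: Failed password for root from 198.51.100.7 port 51022 ssh2
Mar 14 02:11:09 web1 sshd[2214]: Invalid user admin from 198.51.100.7 port 51030
Mar 14 09:30:41 web1 sshd[2301]: Accepted publickey for deploy from 10.0.0.5 port 40112 ssh2: ED25519 SHA256:abc
Mar 14 23:47:12 web1 sshd[2402]: Accepted publickey for deploy from 203.0.113.44 port 53311 ssh2: ED25519 SHA256:abc
Mar 14 23:48:00 web1 sshd[2403]: Accepted password for backup from 10.0.0.5 port 40120 ssh2
"""

# Assumed policy: logins must originate from the bastion subnet, and only
# public-key auth is acceptable because the host is supposed to be key-only.
ALLOWED_NETWORKS = [ipaddress.ip_network("10.0.0.0/24")]
ALLOWED_METHODS = {"publickey"}

# Only "Accepted ..." lines carry signal; everything else sshd logs is treated as noise.
ACCEPTED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Accepted (?P<method>\w+) for (?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_accepted(line):
    """Return a dict for a successful-login line, or None for any other line."""
    m = ACCEPTED_RE.match(line)
    if not m:
        return None
    return {
        "ts": m.group("ts"),
        "method": m.group("method"),
        "user": m.group("user"),
        "ip": ipaddress.ip_address(m.group("ip")),
    }


def find_suspicious_logins(log_text, allowed_networks=ALLOWED_NETWORKS,
                           allowed_methods=ALLOWED_METHODS):
    """Return (accepted_count, alerts).

    Failed/invalid-user lines are skipped entirely; an alert is raised only for a
    *successful* login whose origin is outside allowed_networks or whose auth
    method is not in allowed_methods (e.g. a password login on a key-only host).
    """
    accepted = 0
    alerts = []
    for line in log_text.splitlines():
        ev = parse_accepted(line)
        if ev is None:
            continue
        accepted += 1
        reasons = []
        if not any(ev["ip"] in net for net in allowed_networks):
            reasons.append(f"origin {ev['ip']} not in allowed networks")
        if ev["method"] not in allowed_methods:
            reasons.append(f"auth method {ev['method']} not permitted")
        if reasons:
            alerts.append({"ts": ev["ts"], "user": ev["user"],
                           "ip": str(ev["ip"]), "reasons": reasons})
    return accepted, alerts


if __name__ == "__main__":
    count, found = find_suspicious_logins(SAMPLE_LOG)
    print(f"{count} successful logins, {len(found)} policy violations")
    for a in found:
        print(a)
```

Running it on the constructed log reports three successful logins and two alerts: the key login from 203.0.113.44 (outside the bastion subnet) and the password login for `backup`, while the brute-force failures from 198.51.100.7 never appear.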


I've got a web server with a popular VPS company. With ssh on port 22, I (naturally) got lots of failed login attempts.

I moved it to another port...0 attempts in the last 7 days (btmp was rotated then).

It shuts down log spam 100% for me.


Same with port knocking. It has a practical purpose, but idiots will have it lull them into a false sense of security.



