Multiple ssh login attempts inside my system...

Sevendogsbsd · Oct 25, 2021

eternal_noob said:
Does that really work? I always thought this was security by obscurity (which doesn't work)...

It is but it may cut down on the number of scans. Most of the scans are automated and are looking for well known ports. A determined attacker (human) is going to run a full port scan to determine what is open and target that.

ziomario · Oct 25, 2021

Sevendogsbsd said:
It is but it may cut down on the number of scans. Most of the scans are automated and are looking for well known ports. A determined attacker (human) is going to run a full port scan to determine what is open and target that.

I'm not so sure. A human can't make a lot of full port scans since he wouldn't have the time. Even because hackers know that a good sys administrator does not want to use common ports.

Sevendogsbsd · Oct 25, 2021

Cyber criminals have nothing but time. The port is irrelevant; if I find an open port, I will attack it. Doesn’t matter if you run on a non standard port, people can still find it. My comment was running on a non standard port can reduce the number of automated (bot) scans because those are trying well known ports.

richardtoohey2 · Oct 26, 2021

Sevendogsbsd said:
My comment was running on a non standard port can reduce the number of automated (bot) scans because those are trying well known ports.

It definitely makes a difference, so it's worth doing if you can. But it's not a top-level defence, just something to cut down the (logging) noise and the script-kiddies a bit.

A few years ago moving the ssh port meant a quiet life, nowadays it's not so useful. But YMMV!

Multiple ssh login attempts inside my system...

Sevendogsbsd

ziomario

Sevendogsbsd

richardtoohey2