[Leaplist] fail2ban

Bryan J. Smith b.j.smith at ieee.org
Tue Mar 9 12:32:03 EST 2010


I utterly disagree.  It makes you a smaller target that takes
far more time for a portscan (in the order of 3 magnitudes).

Documenting the port change with screenshots for common
Windows applications solves the "support" issue as well.

Heck, one of the articles I'm regularly sending to users as of
late is this one blog entry I cranked out on a Friday night in
Houston (UCF football road trip):  
  http://bjs-redhat.livejournal.com/3997.html  


I know how it is to support users who don't know jack.  A
simple blog article showing WinSCP and other programs
for the change does the job.



----- Original Message ----
From: Kevin Korb <kmk at sanitarium.net>

I agree.  It is a pain in the butt for your users and does almost
nothing for your security.

BTW, if you do decide to do this on some servers here is the easy way to
configure command line ssh to just work:
in ~/.ssh/config:
Host hostname hostname2 hostname3 etc
  Port xxxx

You can also specify things like user names in there so you don't have
to specify all that stuff every time you connect.

On 03/09/10 08:22, Phil Barnett wrote:
> On Tue, 2010-03-09 at 07:02 -0500, Kevin Inscoe wrote:
>> Don't listen on port 22. Use another port and what Jason said.
> 
> And I tell my over 100 users who barely know how to get their files
> uploaded to their website to do what? Ignore all the instructions in
> their software and do it a different way?
> 
> That is a support nightmare.
