LOUNGE all new asksnapzu ideasforsnapzu newtribes interesting pics videos funny technology science technews gaming health history worldnews business web research entertainment food living internet socialmedia mobile space sports photography nature animals movies culture travel television finance music celebrities gadgets environment usa crime politics law money justice psychology security cars wtf art google books lifetips bigbrother women apple kids recipes whoa military privacy education facebook medicine computing wildlife design war drugs middleeast diet toplists economy fail violence humor africa microsoft parenting dogs canada neuroscience architecture religion advertising infographics sex journalism disaster software aviation relationships energy booze life japan ukraine newmovies nsa cannabis name Name of the tribe humanrights nasa cute weather gifs discoveries cops futurism football earth dataviz pets guns entrepreneurship fitness android extremeweather fashion insects india northamerica
+18 18 0
Published 3 years ago with 6 Comments

Join the Discussion

  • Auto Tier
  • All
  • 1
  • 2
  • 3
Post Comment
  • idlethreat (edited 3 years ago)
    +3

    Back at the company I used to work at, all systems run SSH on an alternate port (we run it on 2022). That resolved the majority (80+%) of SSH hacking attempts right out of the gate. The majority of scripts rely on SSH being on the default port at all times.

    Don't really resolve this issue all that much, just an interesting bit of info I picked up being the security guy for a web hosting company.

    • caelreth
      +3

      It is interesting :)

      I teach networking and ethical hacking, so stories and anecdotes like yours are always appreciated!

    • Kysol
      +2

      I too set up machines with an alternative port + keys instead of passwords. As you said it isn't a solution, but a bandaid.

      What I've also done in the past with some services was to firewall off the port, have a web interface where you logged in on. The login would record your IP in a separate log file, and a script would scrape that log adding the firewall rule to allow that IP address with a TTL. You then set it so that it keeps any existing connections upon firewall reset and after say 5 minutes the port is closed down to all IP's again.

  • skolor
    +1

    This seems like as good a time as any to remind people they really should be using ssh keys, where possible, instead of passwords. About the only situation I wouldn't use one is if I didn't know what computer I would be connecting from ahead of time, which is a situation that doesn't come up often.

    • ST3ALTHPSYCH0
      +2

      Even at that, with the keys in authorizedkeys instead of authorizedhosts you're still covered, and you could carry your private key (password protected, of course) on a USB drive.

      • skolor
        +1

        Yeah, the case for not using keys is pretty small. I was thinking if, for some reason, you need the ability to be dropped, naked, in the middle of a city and get access to your server immediately, passwords are the way to go. Otherwise, I'm not sure the use case for them other than "management is hard".

Here are some other snaps you may like...