Home Email Server?
Bruce Marshall wrote:
On Wednesday 11 March 2009, Alan Dacey wrote:
I believe that you can re-map the ports on your machine so that the
'standard' ones can be changed. For example you can remap port 443 to
56189. You could then ssh to port 56189 and the software inside your
machine would never know the difference. Unless your ISP blocks
everything, you are good to go. I have not done this, yet, but I have read
about it doing research to set up my own home ubuntu server.
I routinely (as in always) tell ssh to use a port above 10000. Saves a lot of
usage by the script kiddies who want to beat on port 22.
Fail2Ban is your friend here.* It's like DenyHosts, but using IPTABLES
rules for blocking instead of hosts.deny.* Moving the port isn't really
a complete solution, because you *will* be found in short order, and
then the attacks will commence on that port.* Some might get lucky, but
too many others don't.
I've been using Fail2Ban for about a year, and script kiddies always
get blocked (totally, not just SSH) with an IPTABLES rule after 6
attempts (all this is configurable).* I have it set to release that
IPTABLES block after 24 hours.* It's very effective.
And yes, it is in both the Debian and Ubuntu repositories.
So, no need to try moving your SSH server port around.* With tools like
this one, you can just use TCP 22 like normal.
Do you GNU?
Microsoft Free since 2003--the
ultimate antivirus protection!
kubuntu-users mailing list
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/kubuntu-users