It's pretty much one of the first things I do when setting up a system... ssh po... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

tracker1 on Sept 21, 2020 | parent | context | favorite | on: Moving your SSH port isn’t security by obscurity

It's pretty much one of the first things I do when setting up a system... ssh port, no password logins, ufw. Of course, when I mess one of those up, I'm doing it again... but in general, that's my getting started step.

If it's a really important system I'll go a step farther and enable a port knocking sequence... but that's about the extent of it. Generally speaking, I rarely setup port knocking.

mercer on Sept 21, 2020 [–]

Same here. Just changing the port makes brute force attacks so rare that I feel I don't need to bother with port knocking or the like.

tracker1 on Sept 23, 2020 | [–]

65022 for the win... it's funny but many scanning scripts stop at 60000 or 65000, or only target specific known ports.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact