Re: ssh gives "Permission denied, please try again"



On Sat, 19 Jul 2008 00:36:10 +0100
Jonathan Buzzard <joe@xxxxxxxxxxxxx> wrote:

> On Thu, 17 Jul 2008 19:38:59 +0100, Tony Houghton wrote:
>
> > I configure the router to forward a different external port to 22
> > on my own PCs. This makes it a little harder for hackers, and also
> > means I can have different PCs on different external ports. As long
> > as I remember the right port when using remote clients... Rather
> > than allow password authentication it's better to carry a USB
> > memory stick with your key (and a copy of putty can be handy too).
>
> Waste of time.
>
> Keep your machine patched and up to date. Pick a *random* password and
> remember it. Configure ssh to only allow those users that actually
> need to be able to log in to log in.
>
> For good measure pick usernames that are non-obvious, i.e. jonathan
> would be a really poor username.

I think using a different port does help, because I reckon these scripts
would just go straight for port 22 rather than waste time scanning tens
of thousands of ports. Even if I'm confident they couldn't get the right
username and password I'd rather not have my bandwidth and logs taken up
by their attempts.

--
TH * http://www.realh.co.uk
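
As an added example that is not part of the original posts: a small Python check of an sshd_config against the two settings recommended in the thread, key-only authentication and limiting which users may log in. The sample config is constructed, and the parsing assumes OpenSSH's rules that the first value read for a keyword wins, AllowUsers lines accumulate, and Match blocks override the global section.

```python
# Constructed sample sshd_config (not from the thread).
SAMPLE_CONFIG = """\
passwordauthentication no
PasswordAuthentication yes
AllowUsers tony
Match Address 192.168.0.0/24
    PasswordAuthentication yes
"""

def parse(text):
    """Split a config into (global_settings, match_blocks).

    Assumed OpenSSH rules: keywords are case-insensitive, the first value
    read for a keyword wins, AllowUsers lines accumulate, and everything
    after a Match line belongs to that block until the next Match.
    """
    glob, blocks, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1] if len(parts) > 1 else ""
        if key == "match":
            current = {}
            blocks.append((value, current))
            continue
        target = glob if current is None else current
        if key == "allowusers":
            target.setdefault(key, []).extend(value.split())
        else:
            target.setdefault(key, value)
    return glob, blocks

def audit(text):
    """Return findings for the two settings recommended in the thread."""
    glob, blocks = parse(text)
    findings = []
    # OpenSSH enables password authentication unless told otherwise.
    if glob.get("passwordauthentication", "yes").lower() != "no":
        findings.append("global: password authentication enabled")
    if not glob.get("allowusers"):
        findings.append("global: no AllowUsers, logins not limited to named users")
    for criteria, opts in blocks:
        if opts.get("passwordauthentication", "").lower() == "yes":
            findings.append(f"Match {criteria}: password authentication re-enabled")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG) or "no findings")
```

The sample passes the global checks because the first `passwordauthentication no` line wins over the later `yes`, but the Match block is still reported because it turns passwords back on for the matching addresses.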
