Comment on How to harden against SSH brute-forcing?
irmadlad@lemmy.world 1 day agoMy two cents: Using a nonstandard ssh port is good for dumping bots. True, you can easily do a port scan against a server and easily find all open ports nbd. But most off-the-shelf bots are looking for standard ports to penetrate. I know that when I format and reinstall the test server, as soon as I change the ssh port, bot noise goes down significantly. So, for a simple config edit and about 2 minutes of time, it seems worth the effort. It’s just one layer tho. And yes, it goes without saying to pick a port other than 22, 222, 2222, etc.
loudWaterEnjoyer@lemmy.dbzer0.com 14 hours ago
How about 22222?
sugar_in_your_tea@sh.itjust.works 13 hours ago
Oh, that one’s fine. Everyone knows that 5-digit ports add extra security, which is why WireGuard runs on port 51820 by default. /s