Hacker News new | comments | show | ask | jobs | submit login

Oh yes, the first thing I do is change the SSH port, eleminates 99,99% of the auth attacks.

Damn. Why didn't I ever think of that? I'm doing that tomorrow.

Remove root login over ssh and disable password logins and you are good to go. If you want to get fancy Google for ssh port knocking.

disable password logins

I can't emphasize this one enough. Unless you need to login from a lot of different machines, there really isn't any excuse not to do this. It also has the bonus of making logins really easy since you don't have to type a password.

If you host your systems on a VPS service like linode or slicehost then you have the backup of a web based console in case you screw up royally and have a HD crash on the one machine your SSH key was on (for example).

Heh, port knocking looks cool, might do that just for the heck of it on a server that only I use.

Also, yes, among with changing the port the only way that should be possible to get in is through 'keys.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact