SSH Tricks

[dlsspy]

Security advice from someone making it easier to login as root on boxes...

The first things I do with sshd on any machine are 1) disable remote root login and 2) disable password login.

[mkramlich]

same here

plus move it to a high non-standard port

[pestaa]

But security through obscurity... oh, wait, you actually secured the box!

[wglb]

I move the port after doing the stuff he notes above, but it is for reducing the junk in the log about failed logins.

[bradleyland]

Seconded!

Our fail2ban processes were using a not-insignificant amount of resources while sshd was listening on port 22. Moving to a high port shifted it to somewhere in the "dead last" range in the CPU time column.