You are here

security

fail2ban and sshd on non-standard port

Sometimes wifi connections only allow connections to a limited range of ports. In Israel connections to ports over 1024 were seriously throttled. So I put the SSH server of one machine on port 22. When going through /var/log/auth last week I found many bots trying to enter with standard names. So I installed fail2ban, today I'm checking and everything is working fine. For your own safety you can set up IP addresses that can always come through. Merely putting sshd on a non-standard port seems to be a more adequate way to keep bots out.