tightening ssh

[Mike Klinke]

On Saturday 19 November 2005 06:47, Claude Jones wrote:
> Won't simple scans reveal the existence of ssh access on a
> non-standard port? 

Yes.

> Is this really much protection? Is it merely a 
> question of reducing odds?

Yes.  It'll stop those who use automated scripts that aren't 
flexible enough to scan for alternative ports.

> I need to give access to an associate who gets his dsl ip 
> address via dhcp, so it's always changing. 

Do you know what "always changing" means in this context?  I too 
have a few people that log in via an address assigned via dhcp but 
in practice their address doesn't change but once or twice a year.  
If this is true in your case a simple exchange of emails to let you 
know to change the firewall rule for the new address may be the 
most secure method you're considering.

Regards, Mike Klinke