by spindritf
4638 days ago
> I mean, you could easily stop using the DNS and use raw IP addresses for everything - this should cut down on your attacks and maybe even spam, right?

No, it wouldn't. But you do have a point. And most sysadmins don't let just anyone axfr their zone. Like changing the port, it's not a security measure and it will inconvenience someone every once in a while. Still, I don't need to advertise every host I run. Same with using a PO box or your provider's info for whois. It's not going to deter anyone determined but it cuts down on some casual annoyances.

EDIT: Also, setting the port

    Host *.whatever.net
        IdentityFile ~/.ssh/whatever
        ServerAliveInterval 10
        port 17022

in ssh config costs you nothing, one more line in a config you'd have to write anyway.
So why do it? And port knocking will inconvenience every user, all the time.
> setting the port in ssh config costs you nothing
It costs complexity for all users of the system. This includes you, all other people using it, all servers and their services wanting SSH access, etc. Standards are a good thing.