top | item 33315486

(no title)

anjbe | 3 years ago

When that day comes, a machine running sshd on a high port will have to be wiped, because how can you trust that nobody’s scanned your ports, exploited your server, and eliminated the traces?

When an OpenSSH zero‐day gets released, you can bet your bottom dollar people will be scanning full port ranges for SSH servers. And only one of them has to find you.

If that’s the scenario you’re worried about, don’t rely on obscure ports. Run your sshd behind a VPN.

discuss

unknown|3 years ago

[deleted]