The first thing that these script kiddies are looking for is any machine that is accepting connections on port 22 (the standard port for SSH servers). Well, we can eliminate a huge amount of risk by just running our SSH server on an alternate port. Just pick anything: 1234, 1974, 9999. Anything will work. To tell the SSH server to run on that port, just edit /etc/ssh/sshd_config and look for a line that says something like "Port 22". Change the 22 to the port number you chose and save the file. Now, you'll need to restart the SSH server with something like this:
/etc/init.d/ssh restart
After doing this, a normal ssh my.server.com will no longer work. You'll either need to issue the command more like this: ssh -p 1234 my.server.com, or edit the file /etc/ssh/ssh_config on your client machine and change the "Port 22" line to "Port 1234" or the appropriate port number. One reason you might not be able to do this is, like my workplace, the site you are trying to ssh from might block outgoing connections on alternate ports. My workplace only allows outgoing connections on a handful of ports, so I can't do this, but there are plenty of other ways to impede the attacks.
All of the following changes will also be made in the file /etc/ssh/sshd_config, so open this file in your favorite editor and save the file when you've completed all of the changes you want to use. After the save, you'll need to restart your SSH server with the above command.
Next, we want to make sure that our SSH server is only using version 2 of the SSH protocol. It's more secure than any previous versions. Ensure that the line "Protocol X,X" says only "Protocol 2".
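A check for the two sshd_config settings covered above, as an added example that is not part of the original article. The function name audit_sshd_config and the sample config are made up for illustration, and it only looks at Port and Protocol lines (a port given on a ListenAddress line is not checked).

```shell
#!/bin/sh
# Added example: check an sshd_config for the Port and Protocol settings above.
# Prints one FINDING line per problem; returns 0 if clean, 1 if not.
audit_sshd_config() {
    [ -r "$1" ] || { echo "cannot read: $1" >&2; return 2; }
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # skip comments and blank lines
        {
            sub(/[ \t]*=[ \t]*/, " ")           # tolerate the "Port=1234" form too
            key = tolower($1)                   # keywords are case-insensitive
        }
        key == "port" {                         # Port may appear several times
            nport++
            ports = ports " " $2
            if ($2 + 0 == 22) on22 = 1
        }
        key == "protocol" && !seen {            # sshd keeps the first value it reads
            proto = $2
            seen = 1
        }
        END {
            if (nport == 0) {
                print "FINDING: no Port line, so sshd listens on the default port 22"
                bad = 1
            } else if (on22) {
                print "FINDING: port 22 is still enabled (ports:" ports ")"
                bad = 1
            }
            if (!seen) {
                # Assumption of this example: a missing line is reported,
                # because the default differs between sshd versions.
                print "FINDING: no Protocol line, set \"Protocol 2\" explicitly"
                bad = 1
            } else if (proto != "2") {
                print "FINDING: Protocol is \"" proto "\", expected only \"2\""
                bad = 1
            }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample config, not taken from a real host.
sample=$(mktemp)
printf '%s\n' '#Port 22' 'Protocol 2,1' > "$sample"
audit_sshd_config "$sample" || echo "fix the findings, then restart sshd"
rm -f "$sample"
```

Run it against a copy of /etc/ssh/sshd_config before restarting the server, so a commented-out or duplicated line is caught while your current session is still open.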