[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Abuse Desks

On Wed, Apr 29, 2020 at 03:41:06PM +0000, Mel Beckman wrote:
> Joe,
> Is there any reason to have a root-enabled (or any) ssh server
> exposed to the bare Internet? Any at all? Can you name one? 
> I can???t. That???s basically pilot error.


I think you're looking at it the wrong way.  Blaming a potential victim
doesn't solve the problem.

I like to use a metric of "if everybody did this, would it be a good
thing" often.

If everybody					Good thing?
Didn't run SSHD on public Inet			Yes

Ran SSH scanners against the rest of the Inet	No

Ran SSH scanners against their own gear and
	used it to shut down unnecessary SSH	Yes

The problem is that you're talking about the first case, but the actual
problem is the second case.  If this trash is allowed to continue, there
is a point where your server will just get swamped by a growing number
of SSH probes.

Also, exposing SSH to the Internet is, for better or for worse, the way
many cloud services enable access to their cloud VM's/instances/droplets/

And, finally, yes, there are reasons to expose SSH servers to the 
Internet.  A well-defended SSH server can do things such as allow other
parties access to your server.  I run a number of bastion SSH servers
for various purposes.  You do not need to do so in an obvious manner.

That doesn't mean I'm inviting unauthorized parties to try to connect 
to them.

... JG
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
"The strain of anti-intellectualism has been a constant thread winding its way
through our political and cultural life, nurtured by the false notion that
democracy means that 'my ignorance is just as good as your knowledge.'"-Asimov