Comment Re:FYI: iptables tutorial (Score 1) 349
And that is a spiffy, powerful way to block all ports but 22 (ssh), 80 (http) and 443 (https) by using iptables.
This isn't solving the problem. Actually, there are two problems. One is that a multi-user machine might have users that use weak passwords the probers can eventually guess. The other is all those probes. Before I used alternate ports, I've seen as many as half a million probes in just one day. Though no attempt ever got in, it flooded my logs. So it is still to be avoided. For now I'm using port 9173 (not really that one, but similarly obscure).
And you are leaving port 22 open. But even if you do close it and use an alternate port, the concept in this article is that the probers are trying other ports, now. As soon as they start scanning ports for an SSH banner, they will know where to probe. This isn't solving the problem.
Something more sophisticated is needed. A knock-knock protocol, such as sending a UDP datagram to an obscure port that never responds to anything, but acts on a properly encrypted message by opening another TCP port to the sender or coded IP address (only) for SSH access, would be one good way to do this. Another is pre-shared IPsec in tunnel-mode (no response for packets that fail to decrypt because the inner checksum will fail).
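The knock-knock scheme the comment sketches, as an added example that is not part of the original post: a UDP listener that never replies, accepts only an HMAC-authenticated, time-stamped, single-use datagram, and only then inserts an iptables rule admitting the sender's address. The pre-shared key, the port 9173 placeholder taken from the comment, and the datagram layout are assumptions.

```python
import hashlib, hmac, os, socket, struct, subprocess, time

KEY = b"example-preshared-key-do-not-reuse"   # constructed demo key; load from a protected file in practice
SSH_PORT = 22        # port opened for the authenticated sender only
WINDOW = 30          # seconds of clock skew tolerated
_seen = {}           # nonce -> knock timestamp, for replay protection

def make_knock(key, ts=None, nonce=None):
    """Client side: 8-byte timestamp | 16-byte nonce | 32-byte HMAC-SHA256 over both."""
    ts = int(time.time()) if ts is None else ts
    nonce = os.urandom(16) if nonce is None else nonce
    body = struct.pack(">Q", ts) + nonce
    return body + hmac.new(key, body, hashlib.sha256).digest()

def verify_knock(key, datagram, now=None):
    """True only for a correctly authenticated, fresh, never-seen knock. Every failure
    is silent: nothing is sent back, so a scanner cannot tell this port from a closed one."""
    if len(datagram) != 56:
        return False
    body, tag = datagram[:24], datagram[24:]
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        return False
    ts, = struct.unpack(">Q", body[:8])
    now = int(time.time()) if now is None else now
    if abs(now - ts) > WINDOW:
        return False
    for n in [n for n, t in _seen.items() if now - t > WINDOW]:  # forget nonces too old to replay
        del _seen[n]
    nonce = body[8:24]
    if nonce in _seen:
        return False
    _seen[nonce] = ts
    return True

def open_rule(sender_ip, port=SSH_PORT):
    # iptables rule admitting only the knocker's address, inserted at the top of INPUT
    return ["iptables", "-I", "INPUT", "-p", "tcp", "-s", sender_ip,
            "--dport", str(port), "-j", "ACCEPT"]

def handle(key, datagram, sender_ip, now=None):
    """Daemon core: the firewall command to run on a valid knock, else None."""
    return open_rule(sender_ip) if verify_knock(key, datagram, now) else None

def serve(bind=("0.0.0.0", 9173)):
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)   # obscure UDP port; never replies
    sock.bind(bind)
    while True:
        data, (ip, _) = sock.recvfrom(128)
        cmd = handle(KEY, data, ip)
        if cmd:
            subprocess.run(cmd, check=False)
```

A real deployment would also expire the inserted rule after a short time and rate-limit failed knocks, so a lost key does not leave a permanent hole.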