Way to miss the point dude. I'm not saying that moving the ssh port is harmful. But that it's the sort of meaningless security measure you should steer newbies who wish to secure their systems away from, and instead suggest things that will actually increase their security.

But you have to admit, he really is doomed

I'm also with vonskippy. Reducing log clutter and reducing bandwidth usage are two good reasons I can think of to keep SSH off port 22. It's a pain to type -p nnn but not that bad. I've had zero connection issues and I've been doing it since 2004.

I agree in your point where newbies have to understand that moving ssh ports is not really for securing a system but to ease up administration (reducing log clutter, bandwidth, peace of mind, etc)

OTOH I have never had any connection issues to non-standard ssh ports yet. Also, I use ~/.ssh/config to avoid typing -p ## all the time (and of course many more options in there).

Thanks for all the replies! Very much appreciated!

I turned off passwords and moved to public key authorization.
I found that the LAMP server had suhosin already after all, saved me some time.
Activated the limit function in UFW to ban IPs with multiple failed logins.
Installed logwatch, it seems to do reports via e-mail so I guess I need to open holes in the firewall for that... Would allow smtp be enough?

I still couldn't get ssh to work over a custom port but it may have something to do with the firewall on my local machine, I'll investigate it further but if I understand correctly then when using key authorization it may not be that urgent.



Not really sure what you mean by "how" I run it? I have since (based on jlevandowski's suggestion, thanks!) changed it to run over HTTPS. I also put all of it behind an .htaccess password, I figured that you'd have to crack that password before you can see that the server is running phpmyadmin at all. Famous last words, I know, but at least it's not immediately obvious to the casual observer.

My personal preference for running phpmyadmin is restricting it to the local host then connecting via a ssh tunnel.

You don't need to open a hole in the firewall for this. However you do need postfix (or similar so that mail can go out from your server).

Thanks, I got it working after I fixed some errors in the postfix config on one server.

I also restricted access to the phpmyadmin site to my own IP as well, starting to feel pretty good about it all now, let's hope it lasts.

Cheers!