Re: usefulness of changing ssh ports



On 3 Aug, 04:52, comph...@xxxxxxxxx (Todd H.) wrote:
Randy Yates <ya...@xxxxxxxx> writes:
Assigning ssh to a different port number is not worth too much
security-wise, is it? If the access rate to the machine is typical,
all 65536 ports could be scanned first for a hot ssh connection in a
matter of minutes or even seconds, no?

Practically, if you move to a non-standard port you'll see denied
attempts to connect drop nearly to 0 in your connection logs, leaving
you with a lot less shit to sift through as you regularly review your
logfiles.

Leave it on 22 and you'll have all the freaking script kiddie stuff
brute force guessing ya 24/7.

Bingo. cluttering your logs is really irritating, and should only be
encouraged if you're an aggressive administrator running a honey pot
to trap and report the little vermin.

Port knocking is sweet to avoid just this problem, fortunately.

.



Relevant Pages

  • Re: SSH trickery using -R
    ... > ssh connection to a remote machine, using the -R switch, which opens a ... > port on the remote machine, which is then redirected to the local ... on a port of my choosing. ... I also usually put the ssh comman inside a shell script with ...
    (Fedora)
  • Re: [opensuse] Reverse SSH - How?
    ... Is it possible to have an outbound ssh connection "reversed" so that the ... open port on a remote server. ... server and access the target PC. ... server I control in the cloud. ...
    (SuSE)
  • Re: [opensuse] Reverse SSH - How?
    ... Is it possible to have an outbound ssh connection "reversed" so that the ... open port on a remote server. ... server and access the target PC. ... Now I use autossh to manage the reverse tunnel for me. ...
    (SuSE)
  • Re: Way to make an ssh tunnel be the "default router"
    ... > computer that has access to the Intranet. ... > I would like to create an ssh connection between my computer and the ... you can set up a "dynamic" port forward in your client ... localhost:1080 as a SOCKS proxy, ...
    (comp.os.linux.networking)
  • Tunnelling through localhost address...
    ... I tunnel an SSH connection through a port ... MSTSC terminal services client application. ... A new console session cannot be established.". ...
    (microsoft.public.windowsxp.security_admin)