From: Lowell Gilbert
To: joeb@a1poweruser.com
Cc: freebsd-questions@freebsd.org, FBSD1
Subject: Re: ssh
Date: Mon, 08 Sep 2008 10:29:34 -0400
Message-ID: <44ljy2r9rl.fsf@be-well.ilk.org>
In-Reply-To: joeb@a1poweruser.com's message of "Mon, 8 Sep 2008 10:20:17 +0800"
List: freebsd-questions@freebsd.org (User questions)

"joeb" writes:

> In FreeBSD 6.2 and older the port SSH listened on was controlled by
> /etc/services. Now in 7.0 SSH no longer looks at /etc/services to find out
> what port to listen on. Is this by design or error in the move to a newer
> release of SSH?

I hadn't noticed that sshd had *ever* used that file for that purpose.
It can be explicitly configured for a variety of address/port
configurations, using the "Port" and "ListenAddress" configurations in
the sshd_config file. Or overridden on the command line.

I recommend you leave the services file standard and modify the config
file, because that's how other admins would expect you to have done it
anyway.

> When it comes to security through obscurity don't be so fast to shoot it
> down. On my system port 22 was receiving over 700 scans or login attempts a
> day. Changing the SSH to use xx22 port stopped all the high school and
> college script kiddies cold. Now I only get maybe 5 hits on my xx22 port
> every 3 months.

I would word it a little differently. I don't think of changing the ssh
port as providing security at all: what it does is allow you to put less
effort into providing (roughly) the same security. Still a desirable
goal.

-- 
Lowell Gilbert, embedded/networking software engineer, Boston area
    http://be-well.ilk.org/~lowell/
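The reply above says where sshd actually gets its listening port: the Port and ListenAddress directives in sshd_config, or a command-line override, never /etc/services. The following is an added example (not code from this thread or from OpenSSH) that models those rules as sshd(8) and sshd_config(5) describe them, so you can see what a given config would bind before touching a live daemon. The rule that every Port line is ignored once -p is given on the command line, and that a ListenAddress without a port takes every effective Port value, are the parts people usually get wrong. The function names and the sample config are my own constructions.

```python
"""Added example (not from the thread): a small model of how OpenSSH's sshd
decides where to listen, from the sshd_config Port/ListenAddress directives
and the -p command-line override.  /etc/services plays no part in it.

Rules modelled (from sshd_config(5) and sshd(8)):
  - no Port and no -p          -> port 22
  - -p given                   -> every Port line in the config is ignored
  - ListenAddress addr         -> listens on addr for every effective port
  - ListenAddress addr:port    -> listens on addr for that port only
  - no ListenAddress           -> all local addresses ("*" below)
The parsing is deliberately minimal (no Match blocks, no Include)."""
import re
from typing import List, Optional, Sequence, Tuple

DEFAULT_PORT = 22
ANY_ADDR = "*"  # stands in for "all local addresses"

# keyword, then whitespace or '=', then the value (sshd_config allows both)
_DIRECTIVE = re.compile(r"^(\w+)\s*[=\s]\s*(.*?)\s*$")


def _split_addr(value: str) -> Tuple[str, Optional[int]]:
    """'[2001:db8::1]:2222' -> ('2001:db8::1', 2222)
    '0.0.0.0:2222'          -> ('0.0.0.0', 2222)
    '192.0.2.1' or bare v6   -> (addr, None): port comes from Port lines"""
    m = re.match(r"^\[([^\]]+)\](?::(\d+))?$", value)
    if m:
        return m.group(1), int(m.group(2)) if m.group(2) else None
    if value.count(":") == 1:  # host:port; a bare IPv6 address has more colons
        host, port = value.split(":")
        return host, int(port)
    return value, None


def parse_listen_directives(text: str) -> Tuple[List[int], List[Tuple[str, Optional[int]]]]:
    """Collect Port values and (address, port-or-None) pairs, in file order."""
    ports: List[int] = []
    addrs: List[Tuple[str, Optional[int]]] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        m = _DIRECTIVE.match(line) if line else None
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2)
        if key == "port":
            ports.append(int(value))
        elif key == "listenaddress":
            addrs.append(_split_addr(value))
    return ports, addrs


def effective_listeners(text: str, cmdline_ports: Sequence[int] = ()) -> List[Tuple[str, int]]:
    """Return the sorted set of (address, port) sockets sshd would bind."""
    cfg_ports, addrs = parse_listen_directives(text)
    # -p on the command line wins outright; otherwise Port lines; otherwise 22
    ports = list(cmdline_ports) or cfg_ports or [DEFAULT_PORT]
    if not addrs:
        return sorted({(ANY_ADDR, p) for p in ports})
    sockets = set()
    for host, port in addrs:
        if port is not None:
            sockets.add((host, port))           # explicit port on the address
        else:
            sockets.update((host, p) for p in ports)  # one socket per Port value
    return sorted(sockets)


# Constructed sample config, not taken from the thread.
SAMPLE_CONFIG = """
# Port lines apply to every ListenAddress that does not name its own port
Port 22
Port 2222
ListenAddress 192.0.2.10
ListenAddress [2001:db8::10]:8022
"""

if __name__ == "__main__":
    print(effective_listeners(SAMPLE_CONFIG))
    print(effective_listeners(SAMPLE_CONFIG, cmdline_ports=[2022]))  # as with: sshd -p 2022
    print(effective_listeners(""))  # stock config: port 22 on all addresses
```

On a real FreeBSD host the command-line form of the override is `sshd_flags="-p 2222"` in /etc/rc.conf, and the live answer is what `sshd -T | grep -i -E '^(port|listenaddress)'` (OpenSSH 5.1 and later) and `sockstat -l | grep sshd` report; checking those beats reasoning about the file. Two caveats worth keeping in mind: a ListenAddress that names its own port is unaffected by later Port lines, and sshd releases of the era this thread discusses rejected a Port directive that appeared after a ListenAddress, so put Port lines first.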