Date: Mon, 12 Feb 2007 16:52:01 -0500 From: Gerard Seibert <gerard@seibercom.net> To: User Questions <freebsd-questions@freebsd.org> Subject: Re: Onpening and Closing ports Message-ID: <20070212164841.7226.GERARD@seibercom.net> In-Reply-To: <1B0CF7A0-1448-4CF6-8DCB-9D5AFF09FDE6@mac.com> References: <45CEC7A4.7030802@ephgroup.com> <1B0CF7A0-1448-4CF6-8DCB-9D5AFF09FDE6@mac.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Monday February 12, 2007 at 04:27:53 (PM) Chuck Swiger wrote:
> On Feb 10, 2007, at 11:37 PM, Dave Carrera wrote:
> > Had a little nasty person trying to break my sshd on port 22.
> >
> > I need to change and open a new port for sshd but i do not know how.
> >
> > Can one of you kind people help me with this please
>
> If you use good passwords, the SSH dictionary attacks are not a great
> concern. However, you can pass sshd the "-p 2222" flag to change the
> port from the default of 22 to (for example) 2222. To make this
> change permanent, add:
>
> sshd_flags="-p 2222"
>
> ..to /etc/rc.conf.
Why not just use SSH certificates and forget about worrying about
password attacks. The OP could also limit the addresses that could logon
as well as the actual users. Combined, that would secure a sever far
better than the "Security Through Obscurity" approach.
Just my 2ยข.
--
Gerard
"I choose to ignore, of course, the fact that self-Googling
is perhaps the most narcissistic thing a person can do that doesn't
involve actually humping a mirror."
Dan Kois
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070212164841.7226.GERARD>