From: Gerard Seibert
To: User Questions
Date: Mon, 12 Feb 2007 16:52:01 -0500
Subject: Re: Onpening and Closing ports

On Monday February 12, 2007 at 04:27:53 (PM) Chuck Swiger wrote:

> On Feb 10, 2007, at 11:37 PM, Dave Carrera wrote:
> > Had a little nasty person trying to break my sshd on port 22.
> >
> > I need to change and open a new port for sshd but I do not know how.
> >
> > Can one of you kind people help me with this please
>
> If you use good passwords, the SSH dictionary attacks are not a great
> concern. However, you can pass sshd the "-p 2222" flag to change the
> port from the default of 22 to (for example) 2222. To make this
> change permanent, add:
>
> sshd_flags="-p 2222"
>
> ..to /etc/rc.conf.

Why not just use SSH certificates and forget about worrying about
password attacks? The OP could also limit the addresses that could log on
as well as the actual users. Combined, that would secure a server far
better than the "Security Through Obscurity" approach.

Just my 2¢.

--
Gerard

"I choose to ignore, of course, the fact that self-Googling is perhaps
the most narcissistic thing a person can do that doesn't involve
actually humping a mirror."

Dan Kois
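
A check for the hardening suggested in the message above, as an added example that is not part of the original post: it assumes "SSH certificates" means public-key logins and that the user and address limits are written as `AllowUsers USER@HOST` patterns. The sample configs, account names and addresses are constructed.

```sh
#!/bin/sh
# Added example, not from the original message. Audits the global section of
# an sshd_config for key-only logins and a user/address allow-list.

# Effective value of a keyword: sshd keeps the FIRST value it reads, keywords
# are case-insensitive, '#' lines are comments. Stops at the first Match block.
# $1 = file, $2 = keyword (or "a|b" for aliases), $3 = value assumed when unset
sshd_effective() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) ~ ("^(" tolower(key) ")$") {
            $1 = ""; sub(/^[ \t]+/, ""); print; found = 1; exit
        }
        END { if (!found) print def }
    ' "$1"
}

# Prints one line per finding; returns 0 only when no WEAK finding exists.
# Assumption: unset keywords count as "yes"; check your platform's defaults.
audit_sshd_config() {
    rc=0
    pw=$(sshd_effective "$1" PasswordAuthentication yes)
    kbd=$(sshd_effective "$1" "KbdInteractiveAuthentication|ChallengeResponseAuthentication" yes)
    users=$(sshd_effective "$1" AllowUsers "")
    [ "$pw" = no ] || { echo "WEAK: PasswordAuthentication=$pw"; rc=1; }
    [ "$kbd" = no ] || { echo "WEAK: keyboard-interactive=$kbd (PAM can still prompt for a password)"; rc=1; }
    if [ -z "$users" ]; then
        echo "WEAK: no AllowUsers list, any account may attempt a login"; rc=1
    else  # USER@HOST limits both the account and the source address
        printf '%s\n' "$users" | tr -s ' \t' '\n\n' |
            awk '!/@/ { print "NOTE: " $0 " may log in from any address" }'
    fi
    return $rc
}

# Constructed sample configs; 2222 is the example port from the thread,
# alice/bob and the documentation-range addresses are placeholders.
sample_weak() { printf '%s\n' 'Port 2222' '#PasswordAuthentication no'; }
sample_hard() {
    printf '%s\n' 'Port 2222' 'PasswordAuthentication no' \
        'ChallengeResponseAuthentication no' 'PubkeyAuthentication yes' \
        'AllowUsers alice@192.0.2.* bob@198.51.100.7'
}

tmp=$(mktemp) || exit 1
sample_weak > "$tmp"; audit_sshd_config "$tmp" || echo "=> weak sample fails"
sample_hard > "$tmp"; audit_sshd_config "$tmp" && echo "=> hardened sample passes"
rm -f "$tmp"
```

The weak sample only moves the port, so it still reports all three WEAK findings; the hardened sample passes on the same port.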