From owner-freebsd-questions@FreeBSD.ORG Sat Oct 22 14:51:21 2011 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C6C261065673 for ; Sat, 22 Oct 2011 14:51:21 +0000 (UTC) (envelope-from freebsd@edvax.de) Received: from mx01.qsc.de (mx01.qsc.de [213.148.129.14]) by mx1.freebsd.org (Postfix) with ESMTP id 8A28E8FC0A for ; Sat, 22 Oct 2011 14:51:21 +0000 (UTC) Received: from r56.edvax.de (port-92-195-104-16.dynamic.qsc.de [92.195.104.16]) by mx01.qsc.de (Postfix) with ESMTP id 98F333D1D8; Sat, 22 Oct 2011 16:51:20 +0200 (CEST) Received: from r56.edvax.de (localhost [127.0.0.1]) by r56.edvax.de (8.14.5/8.14.5) with SMTP id p9MEpKsN002871; Sat, 22 Oct 2011 16:51:20 +0200 (CEST) (envelope-from freebsd@edvax.de) Date: Sat, 22 Oct 2011 16:51:20 +0200 From: Polytropon To: Bruce Cran Message-Id: <20111022165120.c000b368.freebsd@edvax.de> In-Reply-To: <85D6B8A7-9AF6-4188-BC58-F8CBF5ED9E91@cran.org.uk> References: <000001cc90c0$a0c16050$e24420f0$@org> <4EA2CE72.5030202@cran.org.uk> <20111022161242.11803f76.freebsd@edvax.de> <85D6B8A7-9AF6-4188-BC58-F8CBF5ED9E91@cran.org.uk> Organization: EDVAX X-Mailer: Sylpheed 3.1.1 (GTK+ 2.24.5; i386-portbld-freebsd8.2) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Cc: freebsd-questions@freebsd.org Subject: Re: Breakin attempt X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Polytropon List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 22 Oct 2011 14:51:21 -0000 On Sat, 22 Oct 2011 15:37:55 +0100, Bruce Cran wrote: > > On 22 Oct 2011, at 15:12, Polytropon wrote: > > > On Sat, 22 Oct 2011 15:08:50 +0100, Bruce Cran wrote: > >> I suspect that these sorts of attacks are fairly normal if you're > >> running ssh on the standard port. I used to have lots of 'break-in > >> attempts' before I moved the ssh server to a different port. > > > > Is there _any_ reason why moving from port 22 to something > > different is _not_ a solution? > > If you run some sort of shell server, or where many people > need to login using ssh, you'll have a bit of a support > problem telling people to select the non-default port. No problem here, as login systems are preconfigured and come with "hardcoded" settings. No "user-serviceable" parts inside. :-) > Also, some might consider it security through obscurity, > which is often said to be a bad thing. Okay, that's a pragmatic reason I do understand. But: There are no basic _technical_ reasons NOT to move the SSH system to a nonstandard port, right? I'm aware that a portscan might reveal the "hidden" SSH port, but this solution at least terminates the break-in activity on the default port (which seems to be the main target in most cases). -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ...