Date: Sat, 22 Oct 2011 21:18:26 +0200 From: =?ISO-8859-1?Q?Erik_N=F8rgaard?= <norgaard@locolomo.org> To: freebsd-questions@freebsd.org Subject: Re: Breakin attempt Message-ID: <4EA31702.7080406@locolomo.org> In-Reply-To: <20111022161242.11803f76.freebsd@edvax.de> References: <000001cc90c0$a0c16050$e24420f0$@org> <4EA2CE72.5030202@cran.org.uk> <20111022161242.11803f76.freebsd@edvax.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On 22/10/2011 16:12, Polytropon wrote: > Is there _any_ reason why moving from port 22 to something > different is _not_ a solution? Yes > Reason why I'm asking: Moving SSH away from its default port > seems to be a relatively good solution as break-in attempts > concentrate on default ports. So in case a sysadmin decides > to move SSH to a "hidden" location, what could be an argument > against this decision? Moving to a non standard port does not provide you any additional real security. The random scannings and occasional attacks will disappear from your logs but these are not interesting, they fail because you already hardened your server. Those who are determined to break into your server will also find your ssh running on a non-standard port. On the other hand, those legitimate users who rely on ssh to connect remotely to their account may not be able to because the firewall on the network only allows access to standard ports for whatever reason, and running ssh on port, say, 24 is a non-standard port. It is actually common to block access to most ports and allow access only through a proxy, and then open for those particular services that will not run through a proxy. Hence, if you want to be sure to be able to connect remotely, your best bet is to run your services on standard ports. In summary, nothing is won moving ssh to a nonstandard port except for potential problems. BR, Erik
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4EA31702.7080406>