From: Erik Nørgaard <norgaard@locolomo.org>
Date: Sat, 22 Oct 2011 21:18:26 +0200
To: freebsd-questions@freebsd.org
Subject: Re: Breakin attempt
In-Reply-To: <20111022161242.11803f76.freebsd@edvax.de>

On 22/10/2011 16:12, Polytropon wrote:
> Is there _any_ reason why moving from port 22 to something
> different is _not_ a solution?

Yes

> Reason why I'm asking: Moving SSH away from its default port
> seems to be a relatively good solution as break-in attempts
> concentrate on default ports. So in case a sysadmin decides
> to move SSH to a "hidden" location, what could be an argument
> against this decision?
Moving to a non-standard port does not provide you any additional real security. The random scans and occasional attacks will disappear from your logs, but these are not interesting; they fail because you already hardened your server. Those who are determined to break into your server will also find your ssh running on a non-standard port.

On the other hand, those legitimate users who rely on ssh to connect remotely to their account may not be able to, because the firewall on their network only allows access to standard ports for whatever reason, and port, say, 24 is not a standard port. It is actually common to block access to most ports and allow access only through a proxy, and then open those particular services that will not run through a proxy. Hence, if you want to be sure to be able to connect remotely, your best bet is to run your services on standard ports.

In summary, nothing is won by moving ssh to a non-standard port except for potential problems.

BR, Erik
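As an added illustration of the "already hardened" server Erik refers to (this is example configuration, not part of his mail or the thread), the following sshd_config fragment keeps sshd on the standard port and instead restricts who can authenticate and how. The directives are standard OpenSSH ones; the group name `sshusers` is an assumption for the example.

```sshd_config
# Example hardened OpenSSH server configuration (not from the original mail).
# Stay on the standard port so users behind restrictive firewalls can still reach it.
Port 22

# Key-based authentication only: password guessing from random scans cannot succeed.
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no

# Never allow direct root logins; administrators log in as themselves and escalate locally.
PermitRootLogin no

# Only members of this (assumed) group may log in at all.
AllowGroups sshusers

# Limit the cost of each unauthenticated connection.
MaxAuthTries 3
LoginGraceTime 30
```

After editing, `sshd -t` checks the file for syntax errors before the daemon is reloaded, and the failed attempts that remain in the logs are the ones Erik describes: noisy, but harmless against key-only authentication.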