From: Chad Perrin
To: freebsd-questions@freebsd.org
Date: Fri, 28 Dec 2007 10:17:33 -0700
Subject: Re: SSH through port forwarding
Message-ID: <20071228171733.GB89701@demeter.hydra>
In-Reply-To: <20071218054048.6EE7.A38C9147@seibercom.net>
References: <20071218040802.GB6678@ayn.mi.celestial.com> <20071218054048.6EE7.A38C9147@seibercom.net>

On Tue, Dec 18, 2007 at 05:44:11AM -0500, Gerard Seibert wrote:
>
> On December 18, 2007 at 12:47AM sham khalil wrote:
>
> > once you open port 22 to public ip, you'll get people try to bruteforce your
> > machine.
> > if you don't want that set sshd to listen to a higher number like 5522
> > then forward port 5522 from the router to the internal machines.
> >
> > unfortunately for wrt54g, you can't forward port 5522 to 22 for internal
> > machine.
>
> Security through obscurity is a poor substitute for security. Port scanners
> will eventually find that port also.

One needs something else for security against brute-force attempts, but
changing the port number does help cut down on the amount of bandwidth
consumption on the LAN side of your router by allowing the router to
ignore/deny all incoming traffic on port 22.

-- 
CCD CopyWrite Chad Perrin [ http://ccd.apotheon.org ]
Marvin Minsky: "It's just incredible that a trillion-synapse computer could
actually spend Saturday afternoon watching a football game."