From: Chad Perrin
To: freebsd-questions@freebsd.org
Date: Fri, 28 Dec 2007 14:40:07 -0700
Subject: Re: SSH through port forwarding

On Fri, Dec 28, 2007 at 12:19:44PM -0800, Brian wrote:
> Chad Perrin wrote:
> >On Tue, Dec 18, 2007 at 05:44:11AM -0500, Gerard Seibert wrote:
> >
> >>>On December 18, 2007 at 12:47AM sham khalil wrote:
> >>>
> >>>once you open port 22 to public ip, you'll get people try to bruteforce
> >>>your machine.
> >>>if you don't want that set sshd to listen to a higher number like 5522
> >>>then forward port 5522 from the router to the internal machines.
> >>>
> >>>unfortunately for wrt54g, you can't forward port 5522 to 22 for internal
> >>>machine.
> >>>
> >>Security through obscurity is a poor substitute for security. Port
> >>scanners will eventually find that port also.
> >>
> >
> >One needs something else for security against brute-force attempts, but
> >changing the port number does help cut down on the amount of bandwidth
> >consumption on the LAN side of your router by allowing the router to
> >ignore/deny all incoming traffic on port 22.
> >
> Has denyhosts been considered?

It has been considered (and used) by me -- but I have no idea about the OP.

-- 
CCD CopyWrite Chad Perrin [ http://ccd.apotheon.org ]
Larry Wall: "A script is what you give the actors. A program is what you give the audience."
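
The following added example (not part of the original message, and not DenyHosts' own code) shows the general approach behind the log-watching blockers mentioned in this thread: count failed sshd password attempts per source address inside a time window and flag the sources that cross a threshold. The log line format, the threshold and window values, the `offenders` name and the sample lines (documentation-range addresses) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Anchored at the end of the line: the address is taken from sshd's own
# trailing "from <ip> port <n> ssh2", never from text inside the user name.
FAILED = re.compile(
    r"^(?P<ts>\w{3} [ \d]\d \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?.* "
    r"from (?P<ip>[0-9a-fA-F.:]+) port \d+ ssh2$"
)

# Constructed sample of auth.log lines (not taken from a real host).
SAMPLE = """\
Dec 28 14:01:02 gw sshd[4101]: Failed password for root from 203.0.113.5 port 51234 ssh2
Dec 28 14:01:04 gw sshd[4101]: Failed password for invalid user admin from 203.0.113.5 port 51240 ssh2
Dec 28 14:01:07 gw sshd[4103]: Failed password for invalid user test from 203.0.113.5 port 51251 ssh2
Dec 28 14:02:00 gw sshd[4110]: Failed password for ren from 192.0.2.10 port 40022 ssh2
Dec 28 14:02:09 gw sshd[4110]: Accepted password for ren from 192.0.2.10 port 40022 ssh2
Dec 28 14:03:00 gw sshd[4120]: Failed password for root from 198.51.100.7 port 33000 ssh2
Dec 28 14:20:00 gw sshd[4130]: Failed password for root from 198.51.100.7 port 33010 ssh2
Dec 28 14:40:00 gw sshd[4140]: Failed password for root from 198.51.100.7 port 33020 ssh2
""".splitlines()

def offenders(lines, threshold=3, window=timedelta(minutes=5),
              allow=frozenset(), year=2007):
    """Return {ip: time the threshold was reached} for sources with at
    least `threshold` failed logins inside any `window`-long span."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = {}
    for line in lines:
        m = FAILED.match(line.rstrip("\n"))
        # Skip non-matching lines, allowlisted admins, already-flagged IPs.
        if not m or m["ip"] in allow or m["ip"] in flagged:
            continue
        # syslog timestamps carry no year, so the caller supplies one.
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(when)
        while when - q[0] > window:   # drop attempts older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged[m["ip"]] = when
    return flagged

if __name__ == "__main__":
    for ip, when in offenders(SAMPLE).items():
        print(f"{ip} reached the threshold at {when}")
```

The `allow` set keeps a mistyped password from a known administrative address from ever producing a block entry.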