Date:      Fri, 28 Dec 2007 12:19:44 -0800
From:      Brian <bri@brianwhalen.net>
To:        freebsd-questions@freebsd.org
Subject:   Re: SSH through port forwarding
Message-ID:  <47755A60.6030301@brianwhalen.net>
In-Reply-To: <20071228171733.GB89701@demeter.hydra>
References:  <20071218040802.GB6678@ayn.mi.celestial.com>	<f5ccf92b0712172147n5f97e8e0qf2c871753f0298bc@mail.gmail.com>	<20071218054048.6EE7.A38C9147@seibercom.net> <20071228171733.GB89701@demeter.hydra>

Chad Perrin wrote:
> On Tue, Dec 18, 2007 at 05:44:11AM -0500, Gerard Seibert wrote:
>   
>>> On December 18, 2007 at 12:47AM sham khalil wrote:
>>>
>>> Once you open port 22 to a public IP, you'll get people trying to brute-force your
>>> machine.
>>> If you don't want that, set sshd to listen on a higher number like 5522,
>>> then forward port 5522 from the router to the internal machines.
>>>
>>> Unfortunately for the WRT54G, you can't forward port 5522 to 22 for the internal
>>> machine.
>>>       
>> Security through obscurity is a poor substitute for security. Port scanners
>> will eventually find that port also.
>>     
>
> One needs something else for security against brute-force attempts, but
> changing the port number does help cut down on the amount of bandwidth
> consumption on the LAN side of your router by allowing the router to
> ignore/deny all incoming traffic on port 22.
>
>   
Has denyhosts been considered?

Brian
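
The kind of log-driven blocking that a tool such as DenyHosts automates, as an added example (not part of the original message and not DenyHosts' own code): it counts failed sshd password attempts per source address and produces hosts.deny (TCP wrappers) entries. The log lines are constructed, and the threshold of 3, the reset on a successful login and the function names are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sshd syslog lines (not real traffic; RFC 5737 documentation addresses).
# The fifth line carries a user name crafted to look like a second "from <ip>" field.
SAMPLE_LOG = """\
Dec 28 12:01:02 host sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
Dec 28 12:01:04 host sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40113 ssh2
Dec 28 12:01:07 host sshd[812]: Invalid user test from 203.0.113.7
Dec 28 12:01:09 host sshd[812]: Failed password for invalid user test from 203.0.113.7 port 40120 ssh2
Dec 28 12:01:12 host sshd[813]: Failed password for invalid user x from 192.0.2.55 port 22 ssh2 from 203.0.113.7 port 40130 ssh2
Dec 28 12:03:30 host sshd[820]: Failed password for alice from 198.51.100.20 port 51514 ssh2
Dec 28 12:03:41 host sshd[820]: Accepted password for alice from 198.51.100.20 port 51514 ssh2
Dec 28 12:05:00 host sshd[830]: Failed password for root from 192.0.2.55 port 33000 ssh2
"""

IP = r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
# The user name is chosen by the client, so both patterns are anchored at the end of
# the line: only the final "from <ip> port <n>" was written by sshd itself.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for .* from " + IP + r" port \d+(?: ssh2)?$")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted \S+ for .* from " + IP + r" port \d+(?: ssh2)?$")

def failure_counts(log_text):
    """Count failed password attempts per source IP; a successful login resets that IP."""
    counts = Counter()
    for line in log_text.splitlines():
        failed = FAILED.search(line)
        if failed:
            counts[failed.group("ip")] += 1
            continue
        accepted = ACCEPTED.search(line)
        if accepted:
            counts.pop(accepted.group("ip"), None)  # a typo by a legitimate user is forgiven
    return counts

def hosts_to_deny(counts, threshold=3):
    """Source addresses with at least `threshold` failures (threshold is an assumed value)."""
    return sorted(ip for ip, n in counts.items() if n >= threshold)

def hosts_deny_lines(ips):
    """Render the addresses as hosts.deny entries for the sshd service."""
    return ["sshd: " + ip for ip in ips]

if __name__ == "__main__":
    for entry in hosts_deny_lines(hosts_to_deny(failure_counts(SAMPLE_LOG))):
        print(entry)
```

The crafted user name on the fifth sample line is attributed to the connecting address 203.0.113.7, not to the address embedded in the name, so a client cannot get a third party denied by what it types as a login.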