Date: Mon, 08 Sep 2008 10:29:34 -0400
From: Lowell Gilbert <freebsd-questions-local@be-well.ilk.org>
To: joeb@a1poweruser.com
Cc: freebsd-questions@freebsd.org, FBSD1 <fbsd1@a1poweruser.com>
Subject: Re: ssh
Message-ID: <44ljy2r9rl.fsf@be-well.ilk.org>
In-Reply-To: <NBECLJEKGLBKHHFFANMBCEICCKAA.joeb@a1poweruser.com> (joeb@a1poweruser.com's message of "Mon, 8 Sep 2008 10:20:17 +0800")
References: <NBECLJEKGLBKHHFFANMBCEICCKAA.joeb@a1poweruser.com>

"joeb" <joeb@a1poweruser.com> writes:

> In FreeBSD 6.2 and older the port SSH listened on was controlled by
> /etc/services. Now in 7.0 SSH no longer looks at /etc/services to find out
> what port to listen on. Is this by design or error in the move to a newer
> release of SSH?

I hadn't noticed that sshd had *ever* used that file for that purpose.
It can be explicitly configured for a variety of address/port
configurations, using the "Port" and "ListenAddress" configurations in
the sshd_config file. Or overridden on the command line.

I recommend you leave the services file standard and modify the config
file, because that's how other admins would expect you to have done it
anyway.

> When it comes to security through obscurity don't be so fast to shoot it
> down. On my system port 22 was receiving over 700 scans or login attempts a
> day. Changing the SSH to use xx22 port stopped all the high school and
> college script kiddies cold. Now I only get maybe 5 hits on my xx22 port
> every 3 months.

I would word it a little differently. I don't think of changing the
ssh port as providing security at all: what it does is allow you to
put less effort into providing (roughly) the same security. Still a
desirable goal.

-- 
Lowell Gilbert, embedded/networking software engineer, Boston area
http://be-well.ilk.org/~lowell/
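
Added example, not part of the message above and not code from the OpenSSH project: a small audit helper showing how the "Port" and "ListenAddress" directives in sshd_config combine into the sockets sshd is asked to bind. The function name `effective_listen`, the sample addresses and the port numbers are constructed for illustration, and the model is simplified: every Port value is applied to any ListenAddress that carries no port of its own.

```sh
#!/bin/sh
# effective_listen: read an sshd_config on stdin and print one
# "address port" pair per line for each socket the file requests.
# Simplified model (assumption): keywords are case-insensitive, '#'
# starts a comment, "key=value" is accepted, and parsing stops at the
# first Match block because Port/ListenAddress are global-only.
effective_listen() {
    awk '
    { sub(/#.*/, ""); sub(/^[ \t]+/, ""); gsub(/[=]/, " ") }
    NF == 0 { next }
    { key = tolower($1) }
    key == "match"         { exit }
    key == "port"          { ports[++np] = $2 }
    key == "listenaddress" { addrs[++na] = $2 }
    END {
        if (np == 0) ports[++np] = "22"   # sshd default port
        if (na == 0) addrs[++na] = "*"    # default: all local addresses
        for (i = 1; i <= na; i++) {
            a = addrs[i]; p = ""
            if (a ~ /^\[/) {                       # [addr] or [addr]:port
                if (a ~ /\]:[0-9]+$/) { p = a; sub(/^.*\]:/, "", p) }
                sub(/^\[/, "", a); sub(/\].*$/, "", a)
            } else if (gsub(/:/, ":", a) == 1) {   # host:port (one colon)
                p = a; sub(/^.*:/, "", p); sub(/:.*$/, "", a)
            }
            if (p != "") print a, p
            else for (j = 1; j <= np; j++) print a, ports[j]
        }
    }'
}

# Constructed sample config (not taken from the thread).
effective_listen <<'EOF'
Port 2200
#Port 22
ListenAddress 192.0.2.10
ListenAddress 192.0.2.11:8022
ListenAddress [2001:db8::1]:2022
EOF
```

Comparing this output with the sockets actually in LISTEN state on the host shows whether a command-line override or a stale daemon is serving a port the config file does not mention.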