On 22/10/2011 16:12, Polytropon wrote:
Is there _any_ reason why moving from port 22 to something
different is _not_ a solution?
Yes
Reason why I'm asking: Moving SSH away from its default port
seems to be a relatively good solution as break-in attempts
concentrate on default ports. So in case a sysadmin decides
to move SSH to a "hidden" location, what could be an argument
against this decision?
Moving to a non standard port does not provide you any additional real
security. The random scannings and occasional attacks will disappear
from your logs but these are not interesting, they fail because you
already hardened your server. Those who are determined to break into
your server will also find your ssh running on a non-standard port.
On the other hand, those legitimate users who rely on ssh to connect
remotely to their account may not be able to because the firewall on the
network only allows access to standard ports for whatever reason, and
running ssh on port, say, 24 is a non-standard port. It is actually
common to block access to most ports and allow access only through a
proxy, and then open for those particular services that will not run
through a proxy. Hence, if you want to be sure to be able to connect
remotely, your best bet is to run your services on standard ports.
In summary, nothing is won moving ssh to a nonstandard port except for
potential problems.
BR, Erik
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[email protected]"
