On Friday 31 Aug 2012 22:42:26 Thomas Backlund wrote:
> Why not simply have sshd listen on 2 ports and skip need for port
> forwarding?
>
> Just uncomment the "Port 22" line in /etc/ssh/sshd_config
> and add a second line with the second port
>
> so it would look like
>
> Port 22
> Port 5122
>
> and restart sshd
>
> with this all access that expects port 22 will continue to work,
> and you can also access it through the new 5122 port.
>
> Simple and effective, and no portforwarding needed.
>
> --
> Thomas

And add 5122/tcp to the "Advanced" tab in MCC -> Security -> Personal
Firewall (if you are using a personal firewall).

If the server is accessible from the internet I would recommend some further
changes to sshd_config. This is what I use (assuming this is a server for
personal use, not with hundreds of users connecting):-

=================================================
LoginGraceTime 120
PermitRootLogin no
TCPKeepAlive yes
AllowUsers ->your user name here<-
MaxStartups 2:90:4
==================================================

The "MaxStartups" parameter deters the script kiddies trying to guess the
password:-

MaxStartups
========
Specifies the maximum number of concurrent unauthenticated connections to the
SSH daemon. Additional connections will be dropped until authentication
succeeds or the LoginGraceTime expires for a connection. The default is 10.

Alternatively, random early drop can be enabled by specifying the three colon
separated values “start:rate:full” (e.g. "10:30:60"). sshd(8) will refuse
connection attempts with a probability of “rate/100” (30%) if there are
currently “start” (10) unauthenticated connections. The probability increases
linearly and all connection attempts are refused if the number of
unauthenticated connections reaches “full” (60).

Cheers

Deri
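
Added example, not part of either message above and not OpenSSH code: a small Python model of the random early drop rule in the MaxStartups description, showing the refusal probability for the 2:90:4 setting and for the man page's 10:30:60 example. The function names and the input sanity ranges are assumptions of this example.

```python
# Added example: models the MaxStartups behaviour described in the quoted
# sshd_config text. It is not OpenSSH source code.

def parse_max_startups(value):
    """Parse 'N' or 'start:rate:full' into (start, rate, full)."""
    parts = value.strip().split(":")
    if len(parts) == 1:
        # Single number: plain limit, no random early drop below it.
        n = int(parts[0])
        start, rate, full = n, 100, n
    elif len(parts) == 3:
        start, rate, full = (int(p) for p in parts)
    else:
        raise ValueError("expected 'N' or 'start:rate:full'")
    # Sanity ranges chosen for this example (assumption).
    if start < 1 or not 1 <= rate <= 100 or start > full:
        raise ValueError("invalid MaxStartups value: %r" % value)
    return start, rate, full


def refuse_probability(value, unauthenticated):
    """Probability (0.0-1.0) that a new connection attempt is refused."""
    start, rate, full = parse_max_startups(value)
    if unauthenticated < start:
        return 0.0          # below 'start': nothing is refused
    if unauthenticated >= full:
        return 1.0          # at 'full': everything is refused
    # Linear increase from rate% at 'start' to 100% at 'full'.
    span = full - start
    return (rate + (100 - rate) * (unauthenticated - start) / span) / 100.0


def table(value, upto):
    """List of (unauthenticated connections, refusal probability)."""
    return [(n, refuse_probability(value, n)) for n in range(upto + 1)]


if __name__ == "__main__":
    for spec in ("2:90:4", "10:30:60", "10"):
        full = parse_max_startups(spec)[2]
        print("MaxStartups", spec)
        for n, p in table(spec, full):
            print("  %3d unauthenticated -> refuse %5.1f%%" % (n, p * 100))
```

With 2:90:4 a password guesser gets one unauthenticated connection unhindered; with two already open, each further attempt is refused 90% of the time, and with four open all are refused. The same limit applies to legitimate logins arriving while those slots are occupied.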
