Re: OT: How to select a new port number for ssh
On 1/24/2025 12:03 PM, Chris Adams wrote: Once upon a time, Lester Petrie said: I have a NAS I wish to change the ssh port from 22 to something else. How do I go about selecting a good port number? If it's IPv4 and exposed to the Internet, moving to a different port isn't really doesn't do much to secure it; it's not all that hard to scan for SSH on any port (and people do, and it will be found). If it's not exposed... why move it? It just makes an extra hassle when connecting. Basically, moving known services to alternate ports is rarely a good or useful idea. I am pretty sure my router is blocking the access, but it records the attempts in its log. Probably 98-99 percent of the log is these attempts. I want to see what happens to the log if I change the port. Since I am the only one who should be accessing the NAS with ssh, and that is very rarely, I don't mind the extra hassle. -- Lester Petrie -- ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: OT: How to select a new port number for ssh
Once upon a time, Lester Petrie said: > I am pretty sure my router is blocking the access, but it records > the attempts in its log. If it's blocking and logging, then it won't matter if you move the port or even turn off the NAS, the connection attempts will still hit the firewall (because Internet). > Since I am the only one who should be accessing the NAS with > ssh, and that is very rarely, I don't mind the extra hassle. That's IMHO a worse case, because if it's rarely accessed, it's that much harder to remember the alternate port. -- Chris Adams -- ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: OT: How to select a new port number for ssh
On Fri, Jan 24, 2025 at 12:17 PM Lester Petrie wrote: > > > On 1/24/2025 12:03 PM, Chris Adams wrote: > > Once upon a time, Lester Petrie said: > >> I have a NAS I wish to change the ssh port from 22 to something > >> else. How do I go about selecting a good port number? > > > > If it's IPv4 and exposed to the Internet, moving to a different port > > isn't really doesn't do much to secure it; it's not all that hard to > > scan for SSH on any port (and people do, and it will be found). If it's > > not exposed... why move it? It just makes an extra hassle when > > connecting. > > > > Basically, moving known services to alternate ports is rarely a good or > > useful idea. > > I am pretty sure my router is blocking the access, but it records the > attempts in its log. Probably 98-99 percent of the log is these > attempts. I want to see what happens to the log if I change the port. > Since I am the only one who should be accessing the NAS with ssh, and > that is very rarely, I don't mind the extra hassle. Typically what you do in this case is use NAT to map an external port, like 222, to an internal host and port, like myhost.home.arpa:22. The mapping occurs on your router. I use a similar strategy to allow others to test on my internal network. Ports 1520 through 1535 on my router map to different hosts on my internal network, but SSH runs on port 22 on each of the internal hosts. Jeff -- ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: OT: How to select a new port number for ssh
> On 24 Jan 2025, at 17:17, Lester Petrie wrote: > > I want to see what happens to the log if I change the port. It is easy to scan all 64k ports to find sshd. So you should expect no change in attacks. If you leave a secured sshd on 22 the scripts tend to give up faster, which lowers the overhead on your systems. Barry -- ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: OT: How to select a new port number for ssh
On Fri Jan24'25 04:54:36PM, Patrick O'Callaghan wrote: > From: Patrick O'Callaghan > Date: Fri, 24 Jan 2025 16:54:36 + > To: users@lists.fedoraproject.org > Reply-To: Community support for Fedora users > Subject: Re: OT: How to select a new port number for ssh > > On Fri, 2025-01-24 at 11:40 -0500, Lester Petrie wrote: > > I have a NAS I wish to change the ssh port from 22 to something else. > > How do I go about selecting a good port number? > > Look at the standard ports in /etc/services and choose something > different. Depending on access control to the NAS, you might want to > choose something below 1023. > > poc I have not done this for a while, but I have my port set to a nonstandard number. Btw, I was always given to believe that moving it from 22 was the right thing to do because that was the most obvious port to attack. Anyway, in the past, I had to do this (per some helpful instructions from this mailing list) sort of from long ago when firewalld was introduced in Fedora. I last did this about a year (or two) ago, and it worked then. From my notes: # sudo semanage port -p tcp -a -t ssh_port_t ** # where ** is the port number desired ### get into system-config firewall and open the port ** for tcp (I do not have to do this). # add the port number ** in /etc/ssh/sshd_config replacing Port 22 (default) # Now, doing the same using firewalld (not sure if the above has to be done, but the latter has to be done): sudo dnf install firewall-config # Start firewall-config. # At the top, notice there is a drop down menu. Pull down and select "Permanent" # Select the Services Tab and then Edit Services. # Find the ssh entry and click +Add # Add the port you want # Click on the "Reload firewalld" under "Options" # You're done # # Note that you will need to change the port number in /etc/sshd_config if not done earlier: sudo systemctl enable sshd.service I am not sure if these help you, but they are what I have always done when I need a machine (for the past 10-15 years) with incoming ssh. HTH, Ranjan -- ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: OT: How to select a new port number for ssh
Once upon a time, Lester Petrie said: > I have a NAS I wish to change the ssh port from 22 to something > else. How do I go about selecting a good port number? If it's IPv4 and exposed to the Internet, moving to a different port isn't really doesn't do much to secure it; it's not all that hard to scan for SSH on any port (and people do, and it will be found). If it's not exposed... why move it? It just makes an extra hassle when connecting. Basically, moving known services to alternate ports is rarely a good or useful idea. -- Chris Adams -- ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Webcam with LVFS ?
Hi guys. I think I read on Phoronix about Poly Studio webcams being supported by LVFS but searching through there I failed to find any specific which would confirm that. Does anybody here use Poly Studio P5 - or any webcam for that matter - which can confirm is LVFS-supported? btw. https://fwupd.org/ - although they/maintainers naturally do good job already I wished, that catalog of hardware was organized to be looked up by type/category of hardware - perhaps it is but I miss it? many thanks, L.-- ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
OT: How to select a new port number for ssh
I have a NAS I wish to change the ssh port from 22 to something else. How do I go about selecting a good port number? Thanks. -- Lester Petrie -- ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: Update failure in Fedora 40
On 1/23/25 12:30, Barry wrote: On 23 Jan 2025, at 17:53, Robert Nichols via users wrote: qgnomeplatform-qt5 Try removing conflicting packages like qgnomeplatform-qt5 and see if the upgrade will run. Check only a small number of packages will be removed. You can always reinstall any app that got removed after the upgrade has succeeded. That seems to have taken care of it. Not much was removed: [fedora ~]# dnf remove qgnomeplatform-qt5 Dependencies resolved. == Package Architecture VersionRepository Size == Removing: qgnomeplatform-qt5x86_640.9.2-18.fc40 @updates 597 k Removing unused dependencies: qgnomeplatform-common noarch0.9.2-18.fc40 @updates 12 k qt5-qtgraphicaleffectsx86_645.15.15-1.fc40 @updates 664 k qt5-qtquickcontrols2 x86_645.15.15-1.fc40 @updates 8.3 M Transaction Summary == Remove 4 Packages Afterward, "dnf update" found 15 qt6-related packages to update. Once that was done and an image of the disk saved away, the update to Fedora 41 went smoothly. Side note: In the interim, I had that laptop completely torn apart and scattered all over my desk to fix a mechanical problem. I am frankly astonished to find that it all went back together and still runs fine. -- Bob Nichols "NOSPAM" is really part of my email address. Do NOT delete it. -- ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: OT: How to select a new port number for ssh
On Fri, 2025-01-24 at 11:40 -0500, Lester Petrie wrote: > I have a NAS I wish to change the ssh port from 22 to something else. > How do I go about selecting a good port number? Look at the standard ports in /etc/services and choose something different. Depending on access control to the NAS, you might want to choose something below 1023. poc -- ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: Update failure in Fedora 40
On Thu, 2025-01-23 at 17:39 -0600, Robert Nichols via users wrote: > I never actually _used_ dnfdragora. I just saw its notification letting me > know that updates were available. I always use dnf from the command line to > do the actual updates. I never use dnfdragora, but there appears to be no way to get it to shut up other than removing it. poc -- ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: Update failure in Fedora 40
On Fri, 2025-01-24 at 11:13 +, Patrick O'Callaghan wrote: > I never use dnfdragora, but there appears to be no way to get it to > shut up other than removing it. I can't remember if I removed it (I'm on the wrong computer to check, right now), but I did disable the toolbar app for it from the list of apps in mate-session-properties that get started up when I log in. -- uname -rsvp Linux 3.10.0-1160.119.1.el7.x86_64 #1 SMP Tue Jun 4 14:43:51 UTC 2024 x86_64 Boilerplate: All unexpected mail to my mailbox is automatically deleted. I will only get to see the messages that are posted to the mailing list. -- ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
