Date:      Mon, 19 Sep 2011 21:07:47 -0500 (CDT)
From:      Robert Bonomi <bonomi@mail.r-bonomi.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: limit number of ssh connections
Message-ID:  <201109200207.p8K27lTO056965@mail.r-bonomi.com>
In-Reply-To: <86fwjst6ld.fsf@red.stonehenge.com>

> From owner-freebsd-questions@freebsd.org  Mon Sep 19 19:12:32 2011
> From: merlyn@stonehenge.com (Randal L. Schwartz)
> To: Paul Macdonald <paul@ifdnrg.com>
> Date: Mon, 19 Sep 2011 17:12:14 -0700
> Cc: James Strother <jstrother9109@gmail.com>, freebsd-questions@freebsd.org
> Subject: Re: limit number of ssh connections
>
> >>>>> "Paul" == Paul Macdonald <paul@ifdnrg.com> writes:
>
> Paul> in my experience running ssh on a high port cuts the amount of
> Paul> unwanted ssh connections to approximately zero; in fact I got a
> Paul> surprise when seeing a sec log from a box which I hadn't done this
> Paul> for
>
> I run sshd on 443 (for firewall-bending reasons), and the only 
> connections I see there are people trying to break into the web.  Never 
> an actual sshd hit. :)

A wise man said: "this belongs in the "security for dummies" pile right
along with "turning off your SSID announce" and "use MAC address filtering"
when people talk about wifi "security"."  All three are useless and give you
a false sense of having "increased" security.

It is worthy of note that 'merely' running sshd on an 'unconventional'
port provides _less_ of an increase in security than portknocking does. :)

That said, _I_ also run sshd on the "well-known port" for unrelated services.
*NOT* because I have a belief it provides any increase in security -- it
_doesn't_ -- but simply to eliminate the script-kiddie 'doorknob rattling'
'clutter' from the logs, making it far easier to see a truly 'targeted'
attempt.  'Clutter elimination' makes it -- *or* portknocking -- "worth
doing" even though neither provides any "measurable" increase in 'real'
security.
