Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 22 Oct 2011 16:51:20 +0200
From:      Polytropon <freebsd@edvax.de>
To:        Bruce Cran <bruce@cran.org.uk>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Breakin attempt
Message-ID:  <20111022165120.c000b368.freebsd@edvax.de>
In-Reply-To: <85D6B8A7-9AF6-4188-BC58-F8CBF5ED9E91@cran.org.uk>
References:  <000001cc90c0$a0c16050$e24420f0$@org> <4EA2CE72.5030202@cran.org.uk> <20111022161242.11803f76.freebsd@edvax.de> <85D6B8A7-9AF6-4188-BC58-F8CBF5ED9E91@cran.org.uk>

next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 22 Oct 2011 15:37:55 +0100, Bruce Cran wrote:
> 
> On 22 Oct 2011, at 15:12, Polytropon wrote:
> 
> > On Sat, 22 Oct 2011 15:08:50 +0100, Bruce Cran wrote:
> >> I suspect that these sorts of attacks are fairly normal if you're 
> >> running ssh on the standard port. I used to have lots of 'break-in 
> >> attempts' before I moved the ssh server to a different port.
> > 
> > Is there _any_ reason why moving from port 22 to something
> > different is _not_ a solution?
> 
> If you run some sort of shell server, or where many people
> need to login using ssh, you'll have a bit of a support
> problem telling people to select the non-default port.

No problem here, as login systems are preconfigured and
come with "hardcoded" settings. No "user-serviceable"
parts inside. :-)



> Also, some might consider it security through obscurity,
> which is often said to be a bad thing.

Okay, that's a pragmatic reason I do understand.

But: There are no basic _technical_ reasons NOT to move the
SSH system to a nonstandard port, right?

I'm aware that a portscan might reveal the "hidden" SSH port,
but this solution at least terminates the break-in activity
on the default port (which seems to be the main target in
most cases).



-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20111022165120.c000b368.freebsd>