Date: Fri, 28 Dec 2007 14:40:07 -0700 From: Chad Perrin <perrin@apotheon.com> To: freebsd-questions@freebsd.org Subject: Re: SSH through port forwarding Message-ID: <20071228214007.GH89701@demeter.hydra> In-Reply-To: <47755A60.6030301@brianwhalen.net> References: <20071218040802.GB6678@ayn.mi.celestial.com> <f5ccf92b0712172147n5f97e8e0qf2c871753f0298bc@mail.gmail.com> <20071218054048.6EE7.A38C9147@seibercom.net> <20071228171733.GB89701@demeter.hydra> <47755A60.6030301@brianwhalen.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Dec 28, 2007 at 12:19:44PM -0800, Brian wrote: > Chad Perrin wrote: > >On Tue, Dec 18, 2007 at 05:44:11AM -0500, Gerard Seibert wrote: > > > >>>On December 18, 2007 at 12:47AM sham khalil wrote: > >>> > >>>once you open port 22 to public ip, you'll get people try to bruteforce > >>>your > >>>machine. > >>>if you don't want that set sshd to listen to a higher number like 5522 > >>>then forward port 5522 from the router to the internal machines. > >>> > >>>unfortunately for wrt54g, you can't forward port 5522 to 22 for internal > >>>machine. > >>> > >>Security through obscurity is a poor substitute for security. Port > >>scanners > >>will eventually find that port also. > >> > > > >One needs something else for security against brute-force attempts, but > >changing the port number does help cut down on the amount of bandwidth > >consumption on the LAN side of your router by allowing the router to > >ignore/deny all incoming traffic on port 22. > > > Has denyhosts been considered? It has been considered (and used) by me -- but I have no idea about the OP. -- CCD CopyWrite Chad Perrin [ http://ccd.apotheon.org ] Larry Wall: "A script is what you give the actors. A program is what you give the audience."
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20071228214007.GH89701>