
Re: sshd port config and security



On Sat, Apr 07, 2001 at 12:19:38AM -0500, Vinh Truong wrote:
> * Patrick Maheral <pmaheral@AAI.ca> [010406 16:57]:
> > 
> > Is the firewall blocking all traffic that has a destination port 22, or
> > a source port 22?  If only the latter, you can tell your ssh client
> > to use a high port number.  With OpenSSH, from work I use:
> >   ssh -P home 		# connect using a high source port
> > or
> >   ssh -2 -v -P home	# same as above, but force protocol 2, be verbose
> > 
> > Otherwise, my connection fails.
> 
> hmm, i'm using nt at work, so i use putty.  i know there is a way to
> specify destination port.  how do i specify source port (like ssh -P)?
> 
> also, as long as i use sshd and an ssh client to communicate back and
> forth, does it matter which ports they use?  isn't one port as good as
> another in this case, since the encryption is handled by the server and
> client?  is it less secure because i am using port 23 instead of 22?
> hope not.

 The client and server both encrypt.  Otherwise it wouldn't be very secure,
would it?  And no, of course it doesn't matter what port number you use, as
long as you are using ssh (or ssh mode of a telnet/ssh terminal prog.)

 ssh doesn't care what ports get used, as long as the ports used aren't
blocked by anything.  If all traffic (not just SYN traffic) to local ports <
1024 is blocked, then as you said, you need to use the equiv. of -P.  I
fired up putty on my machine, and it doesn't look like there's an option to do
that.  I guess you'll have to download the source and recompile.  All hail
Free software :-)

-- 
#define X(x,y) x##y
Peter Cordes ;  e-mail: X(peter@llama.nslug. , ns.ca)

"The gods confound the man who first found out how to distinguish the hours!
 Confound him, too, who in this place set up a sundial, to cut and hack
 my day so wretchedly into small pieces!" -- Plautus, 200 BCE
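
Added example, not part of the original message: a small Python model of the stateless port filtering discussed in this thread, showing why a rule that drops all inbound traffic to local ports < 1024 breaks a client using a low source port, while a SYN-only rule or a high source port does not. The function names, the two filter rules and the port numbers 1022 and 40000 are constructed for illustration.

```python
from dataclasses import dataclass

PRIVILEGED_MAX = 1023  # ports below 1024 are the "low" ports in the thread


@dataclass(frozen=True)
class Packet:
    direction: str  # "out" or "in", relative to the client's network
    src_port: int
    dst_port: int
    syn: bool
    ack: bool


def handshake(client_port, server_port=22):
    """The three TCP handshake packets as the client-side filter sees them."""
    return [
        Packet("out", client_port, server_port, syn=True, ack=False),  # SYN
        Packet("in", server_port, client_port, syn=True, ack=True),    # SYN-ACK
        Packet("out", client_port, server_port, syn=False, ack=True),  # ACK
    ]


def drop_all_inbound_to_low_ports(p):
    """Hypothetical rule: drop every inbound packet whose destination is < 1024."""
    return p.direction == "in" and p.dst_port <= PRIVILEGED_MAX


def drop_inbound_syn_to_low_ports(p):
    """Hypothetical rule: drop only new inbound connections (bare SYN) to < 1024."""
    return drop_all_inbound_to_low_ports(p) and p.syn and not p.ack


def connects(client_port, drops, server_port=22):
    """True if no handshake packet is dropped by the given filter rule."""
    return not any(drops(p) for p in handshake(client_port, server_port))


if __name__ == "__main__":
    for name, rule in [("all traffic", drop_all_inbound_to_low_ports),
                       ("SYN only", drop_inbound_syn_to_low_ports)]:
        for src in (1022, 40000):  # constructed low and high source ports
            ok = connects(src, rule)
            print(f"filter={name:11} source port={src:5} -> "
                  f"{'connects' if ok else 'SYN-ACK dropped'}")
```

The server's listening port never enters either rule's decision here, which matches the point that the port number itself has no bearing on the encryption.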


