[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: How much difference does it make to run ssh on a different port number?

Chris Humphries wrote:
| On (03/10/05 16:07), Tarapia Tapioco wrote:
| | From: Tarapia Tapioco <comesefosse@ntani.firenze.linux.it>
| To: debian-user@lists.debian.org
| Subject: How much difference does it make to run ssh on a different port number?
| Date: Mon,  3 Oct 2005 16:07:45 +0200 (CEST)
| | Occasionally people recommend running sshd on a different port number
| (not 22) to reduce the number of cracking attempts (dictionary
| attacks).
| | Does this really make a big difference?
| Anyone have any statistics on it?
| | Thanks.

Changing the port just stops attempts from being logged, in the way
you log them. Worms and virus infected computers all over the world
will still try to connect to port 22/80/whatever and try whatever
they have programmed to do. Though it is very annoying, there is nothing you can do to stop it other than making your ip space unroutable, yet that is kinda useless ;)

If it bothers you to see the logs, don't log it.
If you feel scared about your password, pick stronger passwords and you
can even use john the ripper to test your passwords.
.gov "Green Book" on passwords is still relevant, and people should still
be using what it suggests, and with non-DES password storage anymore, the
passwords should be longer than 8 characters.

If you have ports open, unwelcome people are going to try to connect, and
try to run attacks, but most of those attacks are worms/trojans/viruses on
infected windows machines and are well documented.

Just make sure your software is up to date and your passwords are good, and
you'll be fine. Again, if you don't like the logs, don't look or store it ;)


public/private keys also help. And, if you know you are always going to be logging in from a specific machine, you can lock ssh down to only let that machine/subdomain/subnet/whatever be able to log in.

Reply to: