
Re: ssh doesn't work.



On Wed 07 Dec 2016 at 13:49:34 -0500, Greg Wooledge wrote:

> On Wed, Dec 07, 2016 at 01:23:23PM -0500, Henning Follmann wrote:
> > Also changing the port to a nonstandard port is not a safety measure. Not a
> > reasonable at least. Unless there is some sane reason (like the network
> > operator prevents using port 22) keep it!
> 
> I disagree with this.  Changing the port at least decreases the number
> of brute force attacks against you, which saves resources (bandwidth, CPU)
> that are otherwise wasted by the attackers.

I agree with this. Having ssh on a port other than 22 does decrease the
*visibility* of probes to port 22. A user would in all probability see
nothing and would have a warm, fuzzy feeling. Job done; nothing to see.

However, while it might save resources it does not make the ssh service
any safer. Henning Follmann is correct, it is not a safety measure. To
be a safety measure it would have to guard against something which is
inherently defective in ssh itself. There is no such known defect in
ssh which makes random password probing more likely to succeed than
non-random probing.

> I understand that you mean "it will not stop a dedicated professional
> attacker who really, really wants to get into your computer".  And that's
> true.  But it does help against the random script kiddies and attacks of
> opportunity.

Whatever you understand, Henning Follmann said nothing of the sort. You
have put words into his mouth and introduced buzzwords like "dedicated",
"professional" and "attacker". You give the impression that someone who
really wants to get into your computer via ssh can do so. 

That is not correct. There is no way *anyone* can get into your ssh
account protected by a good password. There is no hole in ssh; it does
not exist.

Random script kiddy attacks are of absolutely no consequence. Annoying
perhaps, but no threat whatsoever. In terms of security, changing the
port number for ssh does bugger all.

-- 
Brian.

