[Box-Admins] Change ssh port?
Ken Causey
ken at kencausey.com
Thu Feb 20 17:12:08 UTC 2014
What does the group think of changing the port that sshd listens on for
connections? Yes, I know this is a sort of security by obscurity and is
entirely pointless if you are being targeted. But we aren't being
targeted yet the net is just full of drive-by connection attempts these
days.
On a server I administer for a customer I used to get log reports of
hundreds and even thousands of the attempted ssh connections each and
every day. I got tired of the noise and moved sshd to another port. It
has been years now and there has not been a single ssh connection
attempt from anyone other than me since I made the change.
Now I'm not saying this is any serious problem. And I don't get these
sorts of log reports on the Squeak servers currently, so this is not
addressing any noise I'm dealing with. But I'm sure all of the Squeak
servers are being hit with connection attempts constantly, probably more
than the other server I deal with since it is in no way public. At some
point there is a tiny possibility that one of the connection attempts
will properly guess both a username and a password (and shame on that
person for using such a simple password if it happens :) ), sort of the
million monkey theory.
Anyway this is something I've considered but of course it would affect
everyone who sshs to the servers and so I can't just make such a change
unilaterally.
If you are in favor of this change suggest a number that might be
relevant to Squeakers and easy to remember, preferably <= 1024, if you
can think of one.
Ken
More information about the Box-Admins
mailing list