[Box-Admins] Change ssh port?

[Levente Uzonyi]

On Thu, 20 Feb 2014, Ken Causey wrote:

> What does the group think of changing the port that sshd listens on for 
> connections?  Yes, I know this is a sort of security by obscurity and is 
> entirely pointless if you are being targeted.  But we aren't being targeted 
> yet the net is just full of drive-by connection attempts these days.
>
> On a server I administer for a customer I used to get log reports of hundreds 
> and even thousands of the attempted ssh connections each and every day.  I 
> got tired of the noise and moved sshd to another port.  It has been years now 
> and there has not been a single ssh connection attempt from anyone other than 
> me since I made the change.
>
> Now I'm not saying this is any serious problem.  And I don't get these sorts 
> of log reports on the Squeak servers currently, so this is not addressing any 
> noise I'm dealing with.  But I'm sure all of the Squeak servers are being hit 
> with connection attempts constantly, probably more than the other server I 
> deal with since it is in no way public.  At some point there is a tiny 
> possibility that one of the connection attempts will properly guess both a 
> username and a password (and shame on that person for using such a simple 
> password if it happens :) ), sort of the million monkey theory.
>
> Anyway this is something I've considered but of course it would affect 
> everyone who sshs to the servers and so I can't just make such a change 
> unilaterally.
>
> If you are in favor of this change suggest a number that might be relevant to 
> Squeakers and easy to remember, preferably <= 1024, if you can think of one.

What's the point of using a low port number? We always use a random high 
port for non-public services.


Levente

>
> Ken
>