[Box-Admins] Change ssh port?

Ken Causey ken at kencausey.com
Thu Feb 20 18:05:55 UTC 2014


On 02/20/2014 11:33 AM, Levente Uzonyi wrote:
> On Thu, 20 Feb 2014, Ken Causey wrote:
>
>> What does the group think of changing the port that sshd listens on
>> for connections?  Yes, I know this is a sort of security by obscurity
>> and is entirely pointless if you are being targeted.  But we aren't
>> being targeted, yet the net is just full of drive-by connection
>> attempts these days.
>>
>> On a server I administer for a customer I used to get log reports of
>> hundreds and even thousands of the attempted ssh connections each and
>> every day.  I got tired of the noise and moved sshd to another port.
>> It has been years now and there has not been a single ssh connection
>> attempt from anyone other than me since I made the change.
>>
>> Now I'm not saying this is any serious problem.  And I don't get these
>> sorts of log reports on the Squeak servers currently, so this is not
>> addressing any noise I'm dealing with.  But I'm sure all of the Squeak
>> servers are being hit with connection attempts constantly, probably
>> more than the other server I deal with since it is in no way public.
>> At some point there is a tiny possibility that one of the connection
>> attempts will properly guess both a username and a password (and shame
>> on that person for using such a simple password if it happens :) ),
>> sort of the million monkey theory.
>>
>> Anyway this is something I've considered, but of course it would affect
>> everyone who sshes to the servers and so I can't just make such a
>> change unilaterally.
>>
>> If you are in favor of this change suggest a number that might be
>> relevant to Squeakers and easy to remember, preferably <= 1024, if you
>> can think of one.
>
> What's the point of using a low port number? We always use a random high
> port for non-public services.
>

Any user can start sshd on a port above 1024; this makes it possible for 
an attacker who has gained access to spoof sshd.  I have used ports 
higher than 1024 before and still do, but it is better to use a port 
only the superuser can listen on.

Ken

>
> Levente
>
>>
>> Ken
>>
>
>
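The port choice the thread argues over (a non-default port to cut drive-by noise, and a port below 1024 so that only root can bind it), as an added example that is not part of the original post or of OpenSSH: a small Python linter that reads an sshd_config fragment, works out which ports sshd would actually listen on from its Port and ListenAddress lines, and flags each one. The sample config, the well-known-port table and the function names are constructed for this example.

```python
"""Lint the TCP ports an OpenSSH server would listen on.

Added example, not code from the Box-Admins list or from OpenSSH itself.
Parses the Port / ListenAddress directives of an sshd_config, works out
the resulting listening ports the way sshd does, and flags ports that an
unprivileged local user could bind (>= 1024), ports that collide with a
well-known service, and the default port 22.  The service table below is
a constructed subset, not read from /etc/services.
"""
import sys

WELL_KNOWN = {21: "ftp", 22: "ssh", 25: "smtp", 53: "domain", 80: "http",
              110: "pop3", 143: "imap", 443: "https", 993: "imaps"}
PRIV_MAX = 1023      # highest port only root (or CAP_NET_BIND_SERVICE) may bind
DEFAULT_PORT = 22

# Constructed sshd_config fragment used as sample input.
SAMPLE_CONFIG = """\
# constructed sshd_config for the example
Port 2222
ListenAddress 0.0.0.0
ListenAddress [2001:db8::1]:922
ListenAddress 192.0.2.10:80
Match User backup
    PasswordAuthentication no
"""


def _split_listen(arg):
    """Split a ListenAddress argument into (host, port-or-None).

    Handles host:port, ipv4:port, [ipv6]:port and bare addresses; a
    trailing 'rdomain=...' option is ignored.
    """
    arg = arg.split()[0]
    if arg.startswith("["):                       # [ipv6]:port or [ipv6]
        host, _, rest = arg[1:].partition("]")
        return host, (int(rest[1:]) if rest.startswith(":") else None)
    if arg.count(":") == 1:                       # host:port / ipv4:port
        host, _, port = arg.partition(":")
        return host, int(port)
    return arg, None                              # bare host, ipv4 or ipv6


def listen_ports(config_text):
    """Return the set of TCP ports sshd would bind for this configuration.

    Rules as in sshd_config(5): every Port value applies to each
    ListenAddress given without a port (and to all addresses when no
    ListenAddress appears); a ListenAddress with its own port uses only
    that port; with no Port directive the default is 22.  Parsing stops at
    the first Match block, where Port and ListenAddress are not allowed.
    """
    port_values, explicit, want_all = [], set(), False
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()       # drop comments / blanks
        if not line:
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()
        args = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            break
        if keyword == "port":
            port_values.append(int(args))
        elif keyword == "listenaddress":
            _, port = _split_listen(args)
            if port is None:
                want_all = True
            else:
                explicit.add(port)
    if not explicit or want_all:
        explicit.update(port_values or [DEFAULT_PORT])
    return explicit


def lint_ports(ports):
    """Map each port to a list of objections; an empty list means none."""
    findings = {}
    for port in sorted(ports):
        issues = []
        if port == DEFAULT_PORT:
            issues.append("default port: no reduction in drive-by noise")
        if port > PRIV_MAX:
            issues.append("unprivileged: any local user could bind it "
                          "while sshd is not listening")
        if port in WELL_KNOWN and WELL_KNOWN[port] != "ssh":
            issues.append("collides with %s" % WELL_KNOWN[port])
        findings[port] = issues
    return findings


if __name__ == "__main__":
    # Lint a real file if one is named on the command line, else the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONFIG
    for port, issues in lint_ports(listen_ports(text)).items():
        print("%5d  %s" % (port, "; ".join(issues) or "ok"))
```

For the sample config this reports 80 as colliding with http, 922 as fine, and 2222 as bindable by any local user. After editing the real file, `sshd -t` validates the configuration before a restart, and a `Host` stanza with a `Port` line in each user's `~/.ssh/config` spares everyone the `-p` flag. The lint only covers the port choice; whether a spoofed sshd could actually fool anyone also depends on clients checking the server's host key.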
