[NTLUG:Discuss] OpenSSH - Newbie Question #2

Chris Cox cjcox at acm.org
Wed Jul 5 16:42:39 CDT 2006


Wayne Walker wrote:
> I believe the jury is still out on this.
> 
> How:  edit /etc/ssh/sshd_config, uncomment the line like:
> #Port 22
> and change the port number
> Now restart sshd ("service sshd restart" or "/etc/init.d/sshd restart"
> on most distros).
> 
> Pros:
> 
> Fewer actual attacks (assuming random programmatic attacks) because most
> simple attack tools will look for ssh on port 22.
> 
> Um...that's it.
> 
> Cons:
> 
> Will not deter a determined attacker at all.  Someone determined to
> attack your machine will port scan it.

Actually it will deter them.  They will initiate a port scan, your
firewall will make that difficult... so they'll target well known
ports... your ssh won't be running on port 22... hacker gives
up because of the plethora of lower hanging fruit.

> 
> May lock yourself out (built in firewall rules will allow port 22
> traffic usually, you now have to go specifically allow traffic on the
> port your ssh is listening on).

Firewalls default to blocking everything.  Chances are you had
to open up 22 (SSH)... it's really not that hard.

> 
> Any time you try to connect to the machine (with sftp, ssh, scp, puTTY,
> winSCP, ...) you have to perform whatever step is necessary to get that
> tool to connect to sshd on a non-standard port.

Huh?  It's really not a problem.  On the client side you simply
have to supply a port number parameter (now the fact that each client
uses a different switch option is disturbing :)  ).

> 
> Better practice (IMO).  Spend that extra effort making sure that you
> have a good system of keeping:
> 
> 1. your software packages (especially ssh) up to date
> 2. turn off unnecessary/unused services - e.g., nfs, telnet, pop, imap
> (use imaps, and pop3s) etc.
> 3. choose hard to guess passwords and change them occasionally.

I'm going to have to disagree with this one.  If you're running anything
on port 22 the multitude of "bot" software that is out there will
pound you to death... regardless of whether the user initiating the attack/probe
understands what the software is/isn't doing.

Move your ssh port... I promise you that you will get rid of 99%+ of
all ssh hack attempts.

> 
> Wayne
> 
> On Wed, Jul 05, 2006 at 02:25:26PM -0500, Bobby Sanders wrote:
>> While reviewing the prior messages on this list and others dealing with
>> SSH, I have noticed that everyone suggests that you change the port # for
>> this service.
>>
>> Is this as simple as editing /etc/services or do I have to be concerned
>> about changing it in a dozen other places, applications, etc.?
>>
>> Thanks
>>
>> Bobby
>>
> 
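The port change the thread describes, as an added example that is not from any of the original posts: it rewrites the `Port` directive in a copy of sshd_config, optionally keeps sshd listening on 22 as well (sshd accepts several `Port` lines) so the "lock yourself out" con is covered until the firewall rule for the new port is confirmed, and adds a client-side `Host` entry so ssh, scp and sftp need no per-tool port switch. The config paths, the port 2222 and the host alias are placeholders.

```shell
#!/bin/sh
# Added example, not code from the thread. Paths, port 2222 and the
# host alias below are placeholders; run against a copy first.

# set_sshd_port CONFIG NEWPORT [keep_old]
# Drops every existing Port line (live or the default "#Port 22" comment)
# and appends "Port NEWPORT"; with a third argument of "yes" it also keeps
# "Port 22" so the current session survives the restart.
set_sshd_port() {
    config=$1; newport=$2; keep_old=${3:-no}
    case $newport in
        ''|*[!0-9]*) echo "bad port: $newport" >&2; return 1 ;;
    esac
    if [ "$newport" -lt 1 ] || [ "$newport" -gt 65535 ]; then
        echo "port out of range: $newport" >&2; return 1
    fi
    tmp=$(mktemp) || return 1
    # POSIX sed (no GNU -i), so the edit is written to a temp file and moved back.
    sed '/^[[:space:]]*#\{0,1\}Port[[:space:]]/d' "$config" > "$tmp"
    if [ "$keep_old" = yes ]; then
        echo "Port 22" >> "$tmp"
    fi
    echo "Port $newport" >> "$tmp"
    mv "$tmp" "$config"
}

# sshd_ports CONFIG: print the ports sshd would listen on, one per line.
sshd_ports() {
    sed -n 's/^[[:space:]]*Port[[:space:]]\{1,\}\([0-9]\{1,\}\).*/\1/p' "$1"
}

# add_client_host ALIAS HOSTNAME PORT CLIENT_CONFIG
# Appends a Host block to the OpenSSH client config (normally ~/.ssh/config),
# so "ssh ALIAS", "scp file ALIAS:" and "sftp ALIAS" all use the new port.
add_client_host() {
    printf 'Host %s\n    HostName %s\n    Port %s\n' "$1" "$2" "$3" >> "$4"
}

# Typical sequence on the server (placeholders):
#   set_sshd_port /etc/ssh/sshd_config 2222 yes
#   sshd -t                      # syntax-check before restarting
#   service sshd restart         # or /etc/init.d/sshd restart
#   ...open the firewall for 2222, confirm a fresh login on 2222 works,
#   then run set_sshd_port /etc/ssh/sshd_config 2222 (no keep_old) and
#   restart again to stop listening on 22.
```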