SSH through port forwarding
Brian
bri at brianwhalen.net
Fri Dec 28 12:19:44 PST 2007
Chad Perrin wrote:
> On Tue, Dec 18, 2007 at 05:44:11AM -0500, Gerard Seibert wrote:
>
>>> On December 18, 2007 at 12:47AM sham khalil wrote:
>>>
>>> once you open port 22 to public ip, you'll get people try to bruteforce your
>>> machine.
>>> if you don't want that set sshd to listen to a higher number like 5522
>>> then forward port 5522 from the router to the internal machines.
>>>
>>> unfortunately for wrt54g, you can't forward port 5522 to 22 for internal
>>> machine.
>>>
>> Security through obscurity is a poor substitute for security. Port scanners
>> will eventually find that port also.
>>
>
> One needs something else for security against brute-force attempts, but
> changing the port number does help cut down on the amount of bandwidth
> consumption on the LAN side of your router by allowing the router to
> ignore/deny all incoming traffic on port 22.
>
>
Has denyhosts been considered?
Brian
More information about the freebsd-questions
mailing list