openssh concerns

Andrew Kuriger a.kuriger at liquidphlux.com
Mon Oct 5 18:32:39 UTC 2009


On Mon, 5 Oct 2009 12:03:44 -0600, Lyndon Nerenberg - VE6BBM/VE7TFX 
<lyndon at orthanc.ca> wrote:
>> Personally I tend to either firewall the OpenSSH daemon, or leave it  
>> wide open. I don't really see the point in changing ports, as long as  
>> they are still publicly available.
> 
> The ssh bots only seem to probe port 22.  In well over a year of
> running my ssh servers on a different (very low numbered) port I
> haven't logged a single probe (across about a dozen highly visible
> servers).
> 
> --lyndon
> 
I personally don't use it (although I'm considering it), but you could
look into port knocking. Changing the port that SSHD binds to definitely
falls under that obscurity line since if somebody is targeting you, they
very well may run a SYN scan (Mmm nmap) and read the banners to quickly
find out what port you are running sshd on, then target bots accordingly.
Granted, if somebody is not specifically targeting you and is just scanning
ranges to find sshd on 22 they will pass you right up since that port will
be closed.

Andrew

-- 
()  ascii ribbon campaign - against html e-mail 
/\  www.asciiribbon.org   - against proprietary attachments
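An added illustration (not part of the thread, and not a tool either poster mentions) of the banner-reading step Andrew describes: sshd volunteers an RFC 4253 identification string (`SSH-2.0-...`) as soon as a TCP connection is accepted, so a scanner that connects to each open port and reads the first line finds a relocated sshd regardless of the port number. To keep the example runnable offline it starts a throwaway listener on 127.0.0.1 that replies with a constructed banner (the OpenSSH/FreeBSD version string in it is made up for the example) and then scans a small port window around it; the function and variable names are the example's own.

```python
import socket
import threading
from typing import Dict, Iterable, Optional, Tuple

# Constructed sample banner for the local fake listener. The version string is
# hypothetical; a real sshd sends its own (e.g. "SSH-2.0-OpenSSH_<ver>").
FAKE_BANNER = b"SSH-2.0-OpenSSH_5.2 FreeBSD-20090522\r\n"

# Identification-string prefixes defined by RFC 4253 / legacy SSH-1 servers.
SSH_PREFIXES = (b"SSH-2.0-", b"SSH-1.99-", b"SSH-1.5-")


def start_fake_sshd(banner: bytes = FAKE_BANNER) -> Tuple[socket.socket, int]:
    """Start a TCP listener on 127.0.0.1 (kernel-chosen port) that greets every
    client with `banner` and hangs up. Returns (listening socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))  # port 0: let the kernel pick a free one
    srv.listen(5)

    def serve() -> None:
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:  # listener was closed
                return
            with conn:
                try:
                    conn.sendall(banner)
                except OSError:
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


def grab_banner(host: str, port: int, timeout: float = 1.0) -> Optional[bytes]:
    """Connect and read whatever the service says first, up to one line or 255
    bytes (the RFC 4253 cap). None if the port is closed or stays silent."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            data = b""
            while not data.endswith(b"\n") and len(data) < 255:
                chunk = s.recv(255 - len(data))
                if not chunk:
                    break
                data += chunk
            return data or None
    except OSError:
        return None


def is_ssh_banner(banner: Optional[bytes]) -> bool:
    """True when the first line looks like an SSH identification string."""
    return banner is not None and banner.startswith(SSH_PREFIXES)


def find_ssh_ports(host: str, ports: Iterable[int], timeout: float = 0.5) -> Dict[int, str]:
    """Return {port: banner} for every port in `ports` that answers as SSH,
    whatever number it happens to be bound to."""
    found: Dict[int, str] = {}
    for port in ports:
        banner = grab_banner(host, port, timeout)
        if is_ssh_banner(banner):
            found[port] = banner.decode("ascii", "replace").strip()
    return found


if __name__ == "__main__":
    srv, port = start_fake_sshd()
    # Scan a small window around the fake sshd; only that port should light up.
    window = range(max(1, port - 3), port + 4)
    print(find_ssh_ports("127.0.0.1", window))
    srv.close()
```

The same loop over a full 1-65535 range is what a targeted attacker does after the SYN scan has told them which ports are open, which is why moving sshd only filters untargeted port-22 sweeps, exactly the distinction the thread draws.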

