Lowell Gilbert freebsd-questions-local at
Mon Sep 8 14:29:36 UTC 2008

"joeb" <joeb at> writes:

> In FreeBSD 6.2 and older the port SSH listened on was controlled by
> /etc/services. Now in 7.0 SSH no longer looks at /etc/services to find out
> what port to listen on. Is this by design or error in the move to a newer
> release of SSH?

I hadn't noticed that sshd had *ever* used that file for that
purpose.  It can be explicitly configured for a variety of
address/port configurations, using the "Port" and "ListenAddress"
configurations in the sshd_config file.  Or overridden on the command
line.  I recommend you leave the services file standard and modify the
config file, because that's how other admins would expect you to have
done it anyway.

> When it comes to security through obscurity don't be so fast to shoot it
> down.  On my system port 22 was receiving over 700 scans or login attempts a
> day. Changing the SSH to use xx22 port stopped all the high school and
> college script kiddies cold. Now I only get maybe 5 hits on my xx22 port
> every 3 months. 

I would word it a little differently. I don't think of changing the
ssh port as providing security at all: what it does is allow you to
put less effort into providing (roughly) the same security.  Still a
desirable goal.

Lowell Gilbert, embedded/networking software engineer, Boston area
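
The "Port" and "ListenAddress" interaction mentioned in the reply above, as an added example that is not part of the original message: a Python check that resolves which address/port pairs an sshd_config implies, so a port change can be audited from the config file rather than /etc/services. It assumes current sshd_config(5) semantics (a ListenAddress without a port uses every Port value; older releases used only the Port lines before it), AddressFamily any, and no command-line override; the function names and the sample file are constructed for illustration.

```python
DEFAULT_PORT = 22
WILDCARDS = ("0.0.0.0", "::")  # assumption: AddressFamily any

def split_listen_address(value):
    """Split a ListenAddress argument into (host, port or None)."""
    if value.startswith("["):                 # [host]:port or [host]
        host, _, rest = value[1:].partition("]")
        return host, int(rest[1:]) if rest.startswith(":") else None
    if value.count(":") == 1:                 # host:port or IPv4:port
        host, port = value.split(":")
        return host, int(port)
    return value, None                        # bare host, IPv4 or IPv6

def effective_listeners(config_text):
    """Return sorted (address, port) pairs implied by Port/ListenAddress."""
    ports, addresses = [], []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split()   # "Port=2222" is accepted too
        if not parts:
            continue
        keyword, args = parts[0].lower(), parts[1:]  # keywords are case-insensitive
        if keyword == "match":                # neither keyword is valid inside Match
            break
        if keyword == "port" and args:
            ports.append(int(args[0]))
        elif keyword == "listenaddress" and args:
            addresses.append(split_listen_address(args[0]))
    ports = ports or [DEFAULT_PORT]
    addresses = addresses or [(w, None) for w in WILDCARDS]
    result = set()
    for host, port in addresses:
        for p in ([port] if port else ports):  # explicit port wins over Port lines
            result.add((host, p))
    return sorted(result)

# Constructed sample; the "xx22" port in the thread is left elided.
SAMPLE = """\
# sshd_config excerpt
Port 2222
ListenAddress 192.0.2.10
ListenAddress [2001:db8::1]:2200
"""

if __name__ == "__main__":
    for host, port in effective_listeners(SAMPLE):
        print(f"{host} port {port}")
```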
