freebsd-questions-local at be-well.ilk.org
Mon Sep 8 14:29:36 UTC 2008
"joeb" <joeb at a1poweruser.com> writes:
> In FreeBSD 6.2 and older the port SSH listened on was controlled by
> /etc/services. Now in 7.0 SSH no longer looks at /etc/services to find out
> what port to listen on. Is this by design or error in the move to a newer
> release of SSH?
I hadn't noticed that sshd had *ever* used that file for that
purpose. It can be explicitly configured for a variety of
address/port configurations, using the "Port" and "ListenAddress"
configurations in the sshd_config file. Or overridden on the command
line. I recommend you leave the services file standard and modify the
config file, because that's how other admins would expect you to have
done it anyway.
> When it comes to security through obscurity don't be so fast to shoot it
> down. On my system port 22 was receiving over 700 scans or login attempts a
> day. Changing the SSH to use xx22 port stopped all the high school and
> college script kiddies cold. Now I only get maybe 5 hits on my xx22 port
> every 3 months.
I would word it a little differently. I don't think of changing the
ssh port as providing security at all: what it does is allows you to
put less effort into providing (roughly) the same security. Still a
Lowell Gilbert, embedded/networking software engineer, Boston area
More information about the freebsd-questions