FC16 - moving sshd to another port
Robert Moskowitz
rgm at htt-consult.com
Fri Dec 9 01:32:45 UTC 2011
On 12/08/2011 08:19 PM, Tim wrote:
> On Thu, 2011-12-08 at 09:26 -0500, Robert Moskowitz wrote:
>> I have always run SSHD on a different port as part of my obfusication.
>> Yeah, I know it will not stop good portscanners, but it stops all that
>> stupid doorknocking on port 22...
> A genuine question: Does it really matter?
A good port scanner will find SSH at whatever port you move it to. But
the script scanners out there only look for SSH on port 22; you either
have to block 22 from external, set up a limiter rule (easy with
shorewall), or move SSH as I do.
I find that I get lots of messages in my nightly cron if I leave ssh on
port 22 and none when I move it.
More information about the users
mailing list