can't run sshd on 23456 in Fedora 19

James Hogarth james.hogarth at gmail.com
Tue Jul 9 15:20:45 UTC 2013


> For the curious, I'm not doing this to enhance security, and yes, port
> 23456 was just for illustrative purposes only. That said, I don't think
> it is too harmful either.
>

Indeed, for various reasons my daemon runs on 443.

> There was a rather detailed reply explaining the difference between
> privileged and non-privileged ports (thanks, I know that from graduate
> school),

Thanks for the condescension, but seeing as there was no indication of
understanding the difference (and for the sake of a random person googling
the archives for the answer in future) it seemed sane to ensure the reasons
why were written down here.

> but if someone has gained access to my box do they really need
> to impersonate my sshd running on 23456? They probably own me anyway.

Not yet... They could well (and likely will) not 'own' you yet due to
inability to do things like add kernel modules, open firewall ports, etc.
By letting them fake a ssh daemon they can trivially keylog your
credentials to reach root and complete the process of compromising you.

> Now, a legitimate non-privileged user might crash sshd on 23456 and run
> his own stuff, but hey, I'm the only user.
>

Good for you! Understanding the implications and best practices round them
is still sound though.

>
> The default ports are for the world to be able to access the services
> you're offering (http, ftp, whatever). But when I'm the only one that
> needs remote access to my machine, I think I'm ok to run sshd on a
> different port.

Indeed, but the choice of port and method to achieve that port is worth
bearing a moment's thought.
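
A check for the point made in this thread, as an added example that is not part of the original message: it lists the `Port` values in an sshd_config-style file that sit at or above 1024, which any local user can bind whenever sshd is not holding them. The function names, the 1024 boundary (the stock Linux default) and the sample config are assumptions of this example.

```shell
#!/bin/sh
# Added example: report sshd Port settings that are not privileged ports.
PRIV_LIMIT=1024   # assumption: stock Linux boundary; ports below it need root to bind

# Print each Port value from an sshd_config-style file, one per line.
# Commented-out directives are ignored; with no Port line, sshd listens on 22.
sshd_ports() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    ports=$(awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2 }' "$1")
    if [ -z "$ports" ]; then echo 22; else echo "$ports"; fi
}

# Print the configured ports at or above PRIV_LIMIT.
# Returns 0 when every port is privileged, 1 when at least one is not,
# and 2 when the file cannot be read.
unprivileged_ports() {
    all=$(sshd_ports "$1") || return 2
    found=$(echo "$all" | awk -v lim="$PRIV_LIMIT" '$1 + 0 >= lim + 0')
    if [ -z "$found" ]; then return 0; fi
    echo "$found"
    return 1
}

# Constructed sample config using the two ports mentioned in the thread.
sample=$(mktemp)
printf '%s\n' '#Port 22' 'Port 23456' 'Port 443' > "$sample"
if bad=$(unprivileged_ports "$sample"); then
    echo "every configured sshd port needs root to bind"
else
    echo "any local user can bind these if sshd is not running: $bad"
fi
rm -f "$sample"
```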