[lug] Changing Port 22?

Ben Whaley bwhaley at gmail.com
Tue Nov 13 21:34:42 MST 2007


Well, if the goal is to "reduce attack messages" then the focus is all
wrong. The goal should be to mitigate the risk of a successful attack.

I've done this in a few places and it certainly helps with the
automated scripts that try guessable passwords for common user
accounts. It should always be considered a second.. or third.. or
fourth line of defense, however. In general, you should:

1) Use password cracking software (like john the ripper) on your
shadow file on a regular basis
2) Evaluate user accounts occasionally to make sure they should exist at all.
3) Consider restricting which accounts can log in via ssh
4) Consider moving to public key authentication only, if possible
5) Make sure that root logins via SSH are not allowed
6) Consider restricting what hosts can connect (either via
tcpwrappers, which is natively supported by OpenSSH, or via iptables).
This may not be practical, depending on the environment.

Then, and only then, does it make sense to move SSH to a different port.

- Ben
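As an added illustration of the checklist above (this is not part of Ben's message or anything posted on the list), here is a small POSIX shell audit that reads an sshd_config and reports the settings that items 3, 4 and 5 correspond to (AllowUsers/AllowGroups, PasswordAuthentication/PubkeyAuthentication, PermitRootLogin), and only then reports the Port. The two sample configs it writes are constructed for the example; the function names are the example's own. It does not parse Match blocks, so it reflects the global settings only.

```shell
# Added example, not code from the original thread. Audits an sshd_config
# against the thread's checklist. Sample configs below are constructed.

# Effective value of an sshd_config keyword: sshd honours the first
# uncommented occurrence, so take the first match (keywords are
# case-insensitive). Match blocks are ignored in this example.
sshd_effective() {
    # $1 = config file, $2 = keyword
    awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[[:space:]]*#/ { next }
        tolower($1) == key { print $2; exit }
    ' "$1"
}

# Returns 0 when the config satisfies the checklist, 1 otherwise,
# printing one finding per line. Unset values are treated as the
# permissive historical defaults (PermitRootLogin yes, passwords on).
sshd_audit() {
    cfg="$1"; rc=0
    root=$(sshd_effective "$cfg" PermitRootLogin)
    if [ "${root:-yes}" != "no" ]; then
        echo "FAIL: PermitRootLogin is '${root:-unset}' (want no)"; rc=1
    fi
    pw=$(sshd_effective "$cfg" PasswordAuthentication)
    if [ "${pw:-yes}" != "no" ]; then
        echo "WARN: PasswordAuthentication is '${pw:-unset}' (want no, keys only)"; rc=1
    fi
    pk=$(sshd_effective "$cfg" PubkeyAuthentication)
    if [ "${pk:-yes}" != "yes" ]; then
        echo "FAIL: PubkeyAuthentication is '$pk' (want yes)"; rc=1
    fi
    allow=$(sshd_effective "$cfg" AllowUsers)
    groups=$(sshd_effective "$cfg" AllowGroups)
    if [ -z "$allow" ] && [ -z "$groups" ]; then
        echo "WARN: no AllowUsers/AllowGroups restriction on who may log in"; rc=1
    fi
    port=$(sshd_effective "$cfg" Port)
    echo "INFO: sshd listens on port ${port:-22} (moving it is the last step, not the first)"
    return $rc
}

# Constructed sample: a stock-looking config with nothing hardened.
sshd_sample_weak() {
    cat > "$1" <<'EOF'
# constructed sample config (weak)
Port 22
#PermitRootLogin no
PermitRootLogin yes
PasswordAuthentication yes
EOF
}

# Constructed sample: the checklist applied, port moved only afterwards.
sshd_sample_hardened() {
    cat > "$1" <<'EOF'
# constructed sample config (hardened)
Port 2222
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
AllowUsers alice bob
EOF
}

# Stand-alone run: audit both samples in a temp directory.
if [ -z "${SSHD_AUDIT_NO_MAIN:-}" ]; then
    d=$(mktemp -d)
    sshd_sample_weak "$d/weak"; sshd_sample_hardened "$d/hardened"
    for f in weak hardened; do
        echo "== $f =="; sshd_audit "$d/$f" || true
    done
    rm -rf "$d"
fi
```

Run it against a real file with `sshd_audit /etc/ssh/sshd_config` after sourcing the script; on a live system `sshd -T` prints the fully resolved configuration and is the more reliable source for the effective values than parsing the file by hand.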



On Nov 13, 2007 9:13 PM,  <gordongoldin at aim.com> wrote:
>
>  Change port 22 to reduce attack messages.
>
>  What does anybody think?
>
>  Worthwhile?  Any problems?
>
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: lug.boulder.co.us port=6667 channel=#colug
>
