This thread has slipped into a security debate, but I certainly didn't mean to start a flame war. For the curious, I'm not doing this to enhance security, and yes, port 23456 was just for illustrative purposes only. That said, I don't think it is too harmful either. There was a rather detailed reply explaining the difference between privileged and non-privileged ports (thanks, I know that from graduate school), but if someone has gained access to my box do they really need to impersonate my sshd running on 23456? They probably own me anyway. Now, a legitimate non-privileged user might crash sshd on 23456 and run his own stuff, but hey, I'm the only user. Then consider also the odds of sshd having a buffer overflow, running on the default port 22, vs. someone running a comprehensive scan on you. The sshd port is the only thing I have open in my firewall, so to all quick scans (port 21, 22, 23, 80, etc.) I'm non-existent. But, as Reindl Harald said, that's already another level of sophistication and with proper rate control in place and other measures in place, those can be dealt with. The default ports are for the world to be able to access the services you're offering (http, ftp, whatever). But when I'm the only one that needs remote access to my machine, I think I'm ok to run sshd on a different port. -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
