> For the curious, I'm not doing this to enhance security, and yes, port
> 23456 was just for illustrative purposes only. That said, I don't think
> it is too harmful either.
>
Indeed, for various reasons my daemon runs on 443.
> There was a rather detailed reply explaining the difference between
> privileged and non-privileged ports (thanks, I know that from graduate
> school),
Thanks for the condescension, but seeing as there was no indication of understanding the difference (and for the sake of a random person googling the archives for the answer in future), it seemed sane to ensure the reasons why were written down here.
> but if someone has gained access to my box do they really need
> to impersonate my sshd running on 23456? They probably own me anyway.
Not yet... They could well (and likely will) not 'own' you yet due to inability to do things like add kernel modules, open firewall ports, etc. By letting them fake an ssh daemon they can trivially keylog your credentials to reach root and complete the process of compromising you.
> Now, a legitimate non-privileged user might crash sshd on 23456 and run
> his own stuff, but hey, I'm the only user.
>
Good for you! Understanding the implications and best practices round them is still sound though.
>
> The default ports are for the world to be able to access the services
> you're offering (http, ftp, whatever). But when I'm the only one that
> needs remote access to my machine, I think I'm ok to run sshd on a
> different port.
Indeed, but the choice of port and method to achieve that port is worth bearing a moment's thought.
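The privileged-port point from the reply above, as an added audit sketch that is not part of the original thread: it lists the ports an sshd_config names and reports those at or above the host's unprivileged-port threshold, which any local account could bind if the real daemon were not holding them. The function names and the sample configuration are constructed for illustration; the Linux sysctl file is read when present, and 1024 is assumed otherwise.

```python
import re

# Linux default for net.ipv4.ip_unprivileged_port_start: ports below it need
# root or CAP_NET_BIND_SERVICE to bind. Assumed when the sysctl is unreadable.
DEFAULT_START = 1024
SYSCTL = "/proc/sys/net/ipv4/ip_unprivileged_port_start"
ADDR_PORT = re.compile(r"^(?:\[[^\]]+\]|[^:\[\]]+):(\d+)$")


def unprivileged_start(path=SYSCTL):
    """First port an unprivileged process may bind on this host."""
    try:
        with open(path) as fh:
            return int(fh.read().strip())
    except (OSError, ValueError):
        return DEFAULT_START


def sshd_ports(config_text):
    """Ports named by Port and ListenAddress host:port lines (default 22)."""
    ports = set()
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        # sshd_config separates keyword and value by whitespace or one '='.
        fields = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(fields) != 2:
            continue
        keyword, value = fields[0].lower(), fields[1].strip()
        if keyword == "port" and value.isdigit():
            ports.add(int(value))
        elif keyword == "listenaddress" and (m := ADDR_PORT.match(value)):
            ports.add(int(m.group(1)))
    return sorted(ports) or [22]


def takeover_exposed(config_text, start=None):
    """Ports any local user could bind if the real sshd were not holding them."""
    start = unprivileged_start() if start is None else start
    return [p for p in sshd_ports(config_text) if p >= start]


# Constructed sample configuration, not taken from the thread.
SAMPLE = """\
Port 443
Port=23456
ListenAddress [::]:2222
ListenAddress 192.0.2.10
"""
```

Running `takeover_exposed` against the text of `/etc/ssh/sshd_config` on a Linux host uses that host's own threshold, so a lowered `ip_unprivileged_port_start` shows up as more exposed ports.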