Re: can't run sshd on 23456 in Fedora 19

> For the curious, I'm not doing this to enhance security, and yes, port
> 23456 was just for illustrative purposes only. That said, I don't think
> it is too harmful either.
>

Indeed, for various reasons my daemon runs on 443.

> There was a rather detailed reply explaining the difference between
> privileged and non-privileged ports (thanks, I know that from graduate
> school),

Thanks for the condescension, but seeing as there was no indication of understanding the difference (and for the sake of a random person googling the archives for the answer in future), it seemed sane to ensure the reasons why were written down here.

> but if someone has gained access to my box do they really need
> to impersonate my sshd running on 23456? They probably own me anyway.

Not yet... They could well (and likely will) not 'own' you yet due to inability to do things like add kernel modules, open firewall ports, etc. By letting them fake a ssh daemon they can trivially keylog your credentials to reach root and complete the process of compromising you.

> Now, a legitimate non-privileged user might crash sshd on 23456 and run
> his own stuff, but hey, I'm the only user.
>

Good for you! Understanding the implications and best practices round them is still sound though.

>
> The default ports are for the world to be able to access the services
> you're offering (http, ftp, whatever). But when I'm the only one that
> needs remote access to my machine, I think I'm ok to run sshd on a
> different port.

Indeed, but the choice of port and method to achieve that port is worth bearing a moment's thought.
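
A check for the risk discussed in this message, as an added example that is not part of the original post: it reads socket data in `/proc/net/tcp` format and reports when the sshd port is non-privileged or when its listener is not owned by root. The function names and the sample table are constructed for illustration, and the 1024 boundary is the kernel default assumed here.

```python
# Added example (not from the thread): audit who owns the listener on the
# sshd port. Assumes the default privileged-port boundary (ports < 1024).
PRIVILEGED_MAX = 1023

# Constructed sample in /proc/net/tcp format. State 0A = LISTEN.
# 5BA0 hex = port 23456, 01BB hex = port 443.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:5BA0 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 41234 1 0000000000000000 100 0 0 10 0
   1: 00000000:01BB 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20111 1 0000000000000000 100 0 0 10 0
   2: 0100007F:5BA0 0100007F:C350 01 00000000:00000000 00:00000000 00000000  1000        0 41300 1 0000000000000000 20 4 30 10 -1
"""


def listeners(proc_net_tcp):
    """Yield (port, uid) for every socket in LISTEN state."""
    for line in proc_net_tcp.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 10 or fields[3] != "0A":
            continue
        port = int(fields[1].rsplit(":", 1)[1], 16)
        yield port, int(fields[7])  # field 7 is the owning uid


def audit_sshd_port(port, proc_net_tcp):
    """Return a list of findings for the port sshd is meant to listen on."""
    findings = []
    if port > PRIVILEGED_MAX:
        findings.append(
            f"port {port} is non-privileged: any local user can bind it "
            "whenever sshd is not running"
        )
    owners = {uid for p, uid in listeners(proc_net_tcp) if p == port}
    if not owners:
        findings.append(f"nothing is listening on port {port}")
    for uid in sorted(owners - {0}):
        findings.append(f"listener on port {port} is owned by uid {uid}, not root")
    return findings


if __name__ == "__main__":
    for port in (23456, 443):
        for finding in audit_sshd_port(port, SAMPLE_PROC_NET_TCP) or ["ok"]:
            print(port, finding)
```

On a live host, pass the contents of `/proc/net/tcp` (and `/proc/net/tcp6` for IPv6 listeners) instead of the sample.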
