On Wed, Jul 12, 2017 at 1:09 PM, Dave Ihnat <dihnat@xxxxxxxxxx> wrote:
>> It is not complicated finding SSH running on a different port using Nmap:
>
> That's true. It's also true that the vast majority of scriptkiddies don't
> do that. Quite seriously, moving SSH off port 22 *will* and *does* drop
> the vast majority of doorknob rattling.

There are security issues/concerns with running SSH using ports above 1024. Ports below 1024 can only be opened by uid 0 (root). Ports above 1024 can be opened by non-privileged users. That means that SSH running on port 20002 can be opened by a non-root user and, with scripts, simulate the SSH port functionality, with scripting capturing sessions. This is something to keep in mind, i.e. when using SSH on a high port, can you trust the connection based on your environment?

>
>> Suggest adding something like Fail2Ban to slow down the password guess
>> attempts against SSH.
>
> True. Not only that, but also adding DenyHosts.

Yes, DenyHosts is a good measure. Something else that may be considered is a Port Knocking Daemon that keeps all ports down (i.e. SSH port 22 would not be open) until the correct knock sequence is received by the daemon.

Frank Pikelner
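
A check for the high-port concern raised in the message above, as an added example that is not part of the original thread: it reads the socket table in /proc/net/tcp format and reports when the SSH port sits in the unprivileged range or its listener is not owned by root. The sample table, the function names and the 1024 constant are assumptions made for the illustration.

```python
# Added example (not from the thread): who owns the listener on the SSH port?
# /proc/net/tcp layout: field 1 = local addr:port (hex), 3 = state, 7 = uid.
# SAMPLE is constructed data; on a host, read /proc/net/tcp and /proc/net/tcp6.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 21345 1
   1: 00000000:4E22 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 48812 1
   2: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 19002 1
   3: 0F00000A:0016 6300000A:C350 01 00000000:00000000 02:000A1B2C 00000000     0        0 55120 2
"""

TCP_LISTEN = "0A"           # kernel TCP state code for LISTEN
PRIVILEGED_BOUNDARY = 1024  # assumption: the boundary described in the message


def listeners(proc_net_tcp):
    """Return [(port, uid)] for every socket in LISTEN state."""
    found = []
    for line in proc_net_tcp.splitlines()[1:]:      # skip the header row
        fields = line.split()
        if len(fields) < 10 or fields[3] != TCP_LISTEN:
            continue                                # short line or not a listener
        port = int(fields[1].rsplit(":", 1)[1], 16)
        found.append((port, int(fields[7])))
    return found


def audit_ssh_port(proc_net_tcp, ssh_port):
    """Return a list of findings for the port sshd is expected to listen on."""
    findings = []
    owners = [uid for port, uid in listeners(proc_net_tcp) if port == ssh_port]
    if not owners:
        findings.append(f"port {ssh_port}: no listener found")
    if ssh_port >= PRIVILEGED_BOUNDARY:
        findings.append(f"port {ssh_port}: unprivileged range, any local user can bind it")
    for uid in owners:
        if uid != 0:
            findings.append(f"port {ssh_port}: listener owned by uid {uid}, not root")
    return findings


if __name__ == "__main__":
    for port in (22, 20002):
        print(port, audit_ssh_port(SAMPLE, port) or "ok")
```
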