Re: google cloud compute with PEM file

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Tue, 2016-05-17 at 20:12 -0400, Jonathan Billings wrote:

> On May 17, 2016, at 7:56 PM, Always Learning <centos@xxxxxxxxxxx> wrote:
> > (1)  I would change the port from 22 to something more difficult to
> > guess, perhaps 49026 (for example) and then block port 22 in the
> > firewall.
> 
> If you’re going to change the port, change it to something <1024.  You don’t want to have sshd running on a port that a non-root user can bind to.

But if, as I suggested, the enquirer restricts access to that port to
his own IP, access attempts from other IPs will fail. Ports > 1024 can
be accessed by authorised non-root users using the authorised
originating IP whilst preventing access from all other IPs.


-- 
Regards,

Paul.
England, EU.      England's place is in the European Union.

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos




[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux