On Tue, 2016-05-17 at 20:12 -0400, Jonathan Billings wrote: > On May 17, 2016, at 7:56 PM, Always Learning <centos@xxxxxxxxxxx> wrote: > > (1) I would change the port from 22 to something more difficult to > > guess, perhaps 49026 (for example) and then block port 22 in the > > firewall. > > If you’re going to change the port, change it to something <1024. You don’t want to have sshd running on a port that a non-root user can bind to. But if, as I suggested, the enquirer restricts access to that port to his own IP, access attempts from other IPs will fail. Ports > 1024 can be accessed by authorised non-root users using the authorised originating IP whilst preventing access from all other IPs. -- Regards, Paul. England, EU. England's place is in the European Union. _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx https://lists.centos.org/mailman/listinfo/centos