Securing SSH access

Steve Morrey lists at itconsultingplus.com
Tue Apr 22 11:55:29 MDT 2008


<snip>
On Sat, Apr 5, 2008 at 7:47 AM, Hans Fugal <hans at fugal.net> wrote:

> Lonnie Olson wrote:
>
>  I personally hate changing the port SSH listens on.  It adds great
> > complexity to day to day usage, and the benefit is small.  You either have
> > to specify the port number on every call to ssh, or add entries into your
> > ~/.ssh/config file for each host that you changed.  Really annoying.
> >
>
> And on each host that you use. So if you deal with 10 hosts and ssh to
> them from 5 different clients frequently... now you have 50 entries in
> .ssh/config files to deal with

</snip>


Or just set it to something way off in the boonies but be consistent about
it.
For instance almost all of my servers have SSH at 2774 which if you look at
it on a phone turns out to be 2SSH or my secondary SSH port.  How hard is it
to type ssh myserver.com -luser -p2774
For the extra bonus of rarely (or never) seeing a dictionary attack I think
the extra 6 keystrokes are totally worth it.  But you do have to use
something you can remember and use it consistently

Sincerely,
Steve

>
>  <http://plug.org> <http://irc.freenode.net>
> <http://plug.org/mailman/options/plug>
>



More information about the PLUG mailing list