Securing SSH access

Lonnie Olson lists at
Tue Apr 22 14:55:28 MDT 2008

On Tue, 2008-04-22 at 11:55 -0600, Steve Morrey wrote:
> Or just set it to something way off in the boonies but be consistent
> about it.
> For instance almost all of my servers have SSH at 2774 which if you
> look at it on a phone turns out to be 2SSH or my secondary SSH port.
> How hard is it to type ssh -luser -p2774
> For the extra bonus of rarely (or never) seeing a dictionary attack I
> think the extra 6 keystrokes are totally worth it.  But you do have to
> use something you can remember and use it consistently

First of all, I see tons of extra keystrokes in there.  
Most of the time I just type "ssh server".  That's it, username is the
same everywhere, and the port is always the default.  It would take an
additional *7* characters to change the port " -p2774", don't forget
that space, it still counts.  Also compare the 7 extra characters in
relation to the total command.  "ssh server" 10 chars vs. "ssh server -p
2774" 17 chars.  Almost a 60% increase in the length of the command.  To
me, 60% is *not* negligible.

Also consider the number of times a day I actually run ssh, about 30-60
times a day on average.  It is a big deal.  

So I see two options to reduce the work to a one time operation:
1. Set up my ~/.ssh/config file for all possible contingencies
2. Secure my public ssh servers very carefully.

I'll leave it on port 22, and just practice good security.
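
Option 1 above, as an added example that is not part of the original message: a `~/.ssh/config` that keeps the command at "ssh server" even when the daemon listens on the non-default port from the quoted text. The host names and aliases are constructed placeholders; the port 2774 and the user name are taken from the quoted command.

```sshconfig
# ~/.ssh/config  (added example; host names are constructed placeholders)
#
# ssh uses the first value it obtains for each option, so host-specific
# blocks go first and the catch-all defaults go last.

# "ssh server" now connects to port 2774 with no extra typing.
Host server
    HostName server.example.org
    Port 2774

# A host left on the default port needs no Port line at all.
Host public
    HostName public.example.org

# Defaults for every host; applies to the two blocks above as well,
# because neither of them sets User.
Host *
    User user
```

Running `ssh -G server` prints the options ssh would use for that alias without connecting, which confirms that the port and user are picked up.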


More information about the PLUG mailing list